Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.071b57fd7e88f760741f4d68c39510e0_JC.exe

  • Size

    255KB

  • Sample

    231012-ttmt9sdc76

  • MD5

    071b57fd7e88f760741f4d68c39510e0

  • SHA1

    dbf9a7f669b35adebd305ac3b7bd6d49bf7b1230

  • SHA256

    c4ef3c90f6ad73d8a57242e4d8918c912583c3cfd2838f52291063a81b93e262

  • SHA512

    9c083aec2f1c4efec640c0d16654f3e7083bc617a45747d3aa3b9a3812ac29fa551963a8b256d0a8fee5693ee317d5c7eef9ffdcc4bf03b802d7e4ac216f2c92

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJR:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIa

Malware Config

Targets

    • Target

      NEAS.071b57fd7e88f760741f4d68c39510e0_JC.exe

    • Size

      255KB

    • MD5

      071b57fd7e88f760741f4d68c39510e0

    • SHA1

      dbf9a7f669b35adebd305ac3b7bd6d49bf7b1230

    • SHA256

      c4ef3c90f6ad73d8a57242e4d8918c912583c3cfd2838f52291063a81b93e262

    • SHA512

      9c083aec2f1c4efec640c0d16654f3e7083bc617a45747d3aa3b9a3812ac29fa551963a8b256d0a8fee5693ee317d5c7eef9ffdcc4bf03b802d7e4ac216f2c92

    • SSDEEP

      3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJR:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIa

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks