Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.NEAS2d22cc60481e1f25e5bf703cf6d8bd1d4c386036e595e6ada518eea110036332exeexe_JC.exe

  • Size

    1.3MB

  • Sample

    231016-pbmz4aec2w

  • MD5

    128833df1ad9ba0fff0b6dec6005763c

  • SHA1

    608737e7b26ff4928a59be900c61972842dbcdad

  • SHA256

    2d22cc60481e1f25e5bf703cf6d8bd1d4c386036e595e6ada518eea110036332

  • SHA512

    6bed21c928074e4fcce687e248a3d3153800ba0f538a0262bf6cbc6e9827795310634745c95a16c71c015864bf133bdfd5e6793fb0b20bc157155350f3171405

  • SSDEEP

    24576:eYiY3byk8gRn94kF/FltV6ivdJ9F5CDOrbr9dC9T1pbYisTSv60TinHtA4DyvT+e:eYio8a+kfRFsDSe1p8tTWBTt4W7+Q

Score
10/10

Malware Config

Targets

    • Target

      NEAS.NEAS2d22cc60481e1f25e5bf703cf6d8bd1d4c386036e595e6ada518eea110036332exeexe_JC.exe

    • Size

      1.3MB

    • MD5

      128833df1ad9ba0fff0b6dec6005763c

    • SHA1

      608737e7b26ff4928a59be900c61972842dbcdad

    • SHA256

      2d22cc60481e1f25e5bf703cf6d8bd1d4c386036e595e6ada518eea110036332

    • SHA512

      6bed21c928074e4fcce687e248a3d3153800ba0f538a0262bf6cbc6e9827795310634745c95a16c71c015864bf133bdfd5e6793fb0b20bc157155350f3171405

    • SSDEEP

      24576:eYiY3byk8gRn94kF/FltV6ivdJ9F5CDOrbr9dC9T1pbYisTSv60TinHtA4DyvT+e:eYio8a+kfRFsDSe1p8tTWBTt4W7+Q

    Score
    10/10
    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks