General
Target: NEAS.d7a78c97ccea600ed51a2a352202e970.exe
Size: 65KB
Sample: 231021-1elf8aab5x
MD5: d7a78c97ccea600ed51a2a352202e970
SHA1: ae3dfcf113c855376bda481ba9dace30e6724420
SHA256: 776d31fea98a775e2fabb507ac65cfe87662f645a94609ec5c5c9808463d077d
SHA512: 6a2f4667c088e1dc678a2ad53a9e34905f9f629510fa3065f1dfab3cd104d115b5cc7a5c743be83877eba055c98d14dca2cc1c283a317fe9548e022de1d38139
SSDEEP: 768:oNb8ZCjvYw897yyjQ1qWLyjpe0fVUX+aD7UmF+T3cWidgxzCinUsrujZOSkBvWJs:M+0vYlG9G92UeL/O/U8c6WJBR56Ca
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.d7a78c97ccea600ed51a2a352202e970.exe
Resource: win7-20231020-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
NEAS.d7a78c97ccea600ed51a2a352202e970.exe
- Modifies firewall policy service
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (3)
- Disable or Modify Tools (3)
- Modify Registry (5)