Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

NEAS.702ee...20.exe

windows7-x64

10

NEAS.702ee...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.702ee218cab1cca6d1c9d68681cef620.exe

  • Size

    5.5MB

  • Sample

    231021-z8fx6afh86

  • MD5

    702ee218cab1cca6d1c9d68681cef620

  • SHA1

    798ee2288f421c71062610ec89d44aa2b66c0f0c

  • SHA256

    9a23c61502141ca5a2be7d1649f740041e1c836fbfbb291726fbb083f8e91f34

  • SHA512

    5fdaf8a8416c359bd1d2a4b8d24ab0817145859703061ab121911147e027c0f5bb9a800aa2154ca85398fbf529216f312a0ed5755aa73dba5b7381ce07145d79

  • SSDEEP

    98304:gm7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7c:gm7Nm7om7Nm7om7Nm7om7Nm7om7Nm7oM

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      NEAS.702ee218cab1cca6d1c9d68681cef620.exe

    • Size

      5.5MB

    • MD5

      702ee218cab1cca6d1c9d68681cef620

    • SHA1

      798ee2288f421c71062610ec89d44aa2b66c0f0c

    • SHA256

      9a23c61502141ca5a2be7d1649f740041e1c836fbfbb291726fbb083f8e91f34

    • SHA512

      5fdaf8a8416c359bd1d2a4b8d24ab0817145859703061ab121911147e027c0f5bb9a800aa2154ca85398fbf529216f312a0ed5755aa73dba5b7381ce07145d79

    • SSDEEP

      98304:gm7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7Nm7om7c:gm7Nm7om7Nm7om7Nm7om7Nm7om7Nm7oM

    Score
    10/10
    evasionpersistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Adds policy Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks