Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.7444ca9be507f7fa198023822cc1a620_JC.exe
-
Size
120KB
-
Sample
231022-syy8esac8x
-
MD5
7444ca9be507f7fa198023822cc1a620
-
SHA1
7ed05d2244091f15b793b28a9e646f3baf0e86df
-
SHA256
edf6405fadb1f3931a8119f5cfdad3f89f023898837345bf546d815b36be7d62
-
SHA512
0bee40b8c8ee3d3cfad93dccdadd3d40cf9ac05c5289ab14e3687c6239721b68fbbaa763f0af140e183c30932c33371c54d8978501d57d3b6479ed98fa0ac1c7
-
SSDEEP
3072:zyil/H99lEtGCp0m5kJ8OMFiFY5Cy6/fz:eitHDytl0sINfZyo
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.7444ca9be507f7fa198023822cc1a620_JC.dll
Resource
win7-20231020-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
NEAS.7444ca9be507f7fa198023822cc1a620_JC.exe
-
Size
120KB
-
MD5
7444ca9be507f7fa198023822cc1a620
-
SHA1
7ed05d2244091f15b793b28a9e646f3baf0e86df
-
SHA256
edf6405fadb1f3931a8119f5cfdad3f89f023898837345bf546d815b36be7d62
-
SHA512
0bee40b8c8ee3d3cfad93dccdadd3d40cf9ac05c5289ab14e3687c6239721b68fbbaa763f0af140e183c30932c33371c54d8978501d57d3b6479ed98fa0ac1c7
-
SSDEEP
3072:zyil/H99lEtGCp0m5kJ8OMFiFY5Cy6/fz:eitHDytl0sINfZyo
-
Modifies firewall policy service
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5