General
Target: NEAS.f1d8af84a0692c2b41a3f1781accf580.exe
Size: 474KB
Sample: 231028-y3hn5aed57
MD5: f1d8af84a0692c2b41a3f1781accf580
SHA1: a7bca1d8e2ee512e331f96efa7c2e305f5e470b3
SHA256: f12bf1acd8cc8f9c4397be6836104bcea66e5f9f9caaf3d3a0b63e5751aa7b99
SHA512: 28d5eeb5a9d719a86545fb0ae040494be4b1501dce060202937d1167123163fc7a3205e4e9debe1de5ce8030029e540d161f5d34d88aaed9cc852cc5739955a8
SSDEEP: 6144:pjFRiOcXH6XWD0w1tizmtnktLJ6znvxNcCI+1jDIlnJ9+1aTEPTnOK4JKEl5:nRDc3yWDNU+YUznzNjElWaT07NQt5
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.f1d8af84a0692c2b41a3f1781accf580.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.f1d8af84a0692c2b41a3f1781accf580.exe
  Resource: win10v2004-20231025-en
Malware Config
Targets
Target: NEAS.f1d8af84a0692c2b41a3f1781accf580.exe
Score: 10/10
Modifies firewall policy service
Adds policy Run key to start application
Sets service image path in registry
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (3)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (3)
  Create or Modify System Process (1)
    Windows Service (1)