Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.1380be22df410cedb771834c6c38d310.exe
-
Size
328KB
-
Sample
231101-gqggvsdd99
-
MD5
1380be22df410cedb771834c6c38d310
-
SHA1
a54e339316224b5821d8f8b879d994f930cb8724
-
SHA256
c06a5dc04ba1bacf5fbbeda165870abe89d79dca8a808391bd9a8526d70834a2
-
SHA512
2c1b17ee88d0138d88a571785e9453a953a64df086e7a6a73dc359170dff15be635b7ba39e21550c8c65f88b6b08be0e995c56b0f4f2a3eb27bcd2390dc18320
-
SSDEEP
6144:gyWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:gCemx0vN3HKGi6sYjJLUGGtedud5tr7
Malware Config
Targets
-
-
Target
NEAS.1380be22df410cedb771834c6c38d310.exe
-
Size
328KB
-
MD5
1380be22df410cedb771834c6c38d310
-
SHA1
a54e339316224b5821d8f8b879d994f930cb8724
-
SHA256
c06a5dc04ba1bacf5fbbeda165870abe89d79dca8a808391bd9a8526d70834a2
-
SHA512
2c1b17ee88d0138d88a571785e9453a953a64df086e7a6a73dc359170dff15be635b7ba39e21550c8c65f88b6b08be0e995c56b0f4f2a3eb27bcd2390dc18320
-
SSDEEP
6144:gyWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:gCemx0vN3HKGi6sYjJLUGGtedud5tr7
Score8/10-
Drops file in Drivers directory
-
Possible privilege escalation attempt
-
Sets service image path in registry
-
Deletes itself
-
Modifies file permissions
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1