General

  • Target

    NEAS.1380be22df410cedb771834c6c38d310.exe

  • Size

    328KB

  • Sample

    231101-gqggvsdd99

  • MD5

    1380be22df410cedb771834c6c38d310

  • SHA1

    a54e339316224b5821d8f8b879d994f930cb8724

  • SHA256

    c06a5dc04ba1bacf5fbbeda165870abe89d79dca8a808391bd9a8526d70834a2

  • SHA512

    2c1b17ee88d0138d88a571785e9453a953a64df086e7a6a73dc359170dff15be635b7ba39e21550c8c65f88b6b08be0e995c56b0f4f2a3eb27bcd2390dc18320

  • SSDEEP

    6144:gyWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:gCemx0vN3HKGi6sYjJLUGGtedud5tr7

Targets

    • Target

      NEAS.1380be22df410cedb771834c6c38d310.exe

    • Drops file in Drivers directory

      A file written to %SystemRoot%\System32\drivers, where kernel-mode drivers normally live.

    • Possible privilege escalation attempt

    • Sets service image path in registry

      The ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<name> tells the Service Control Manager which binary to load for the service; together with a file dropped in the drivers directory this is a common persistence pattern for a malicious driver or service.

    • Deletes itself

      Removing the original executable after installation hinders collection of the sample from an infected host.

    • Modifies file permissions

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and are loaded into every Internet Explorer process.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
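The signatures above are behavioural rules matched against the file, registry and process events recorded during the run. The following is an added example (not tria.ge's own signature engine and not the real event log of this sample) that implements those rules over a constructed event stream, and additionally correlates a newly set service ImagePath with a file dropped in the same run, which is the stronger persistence indicator. The driver name hlpsvc.sys, the BHO CLSID, the user path and the MountedDevices key used for the drive-enumeration rule are all assumptions made for illustration.

```python
"""Re-implement sandbox behavioural signatures over a constructed event stream."""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_NAME = "NEAS.1380be22df410cedb771834c6c38d310.exe"   # target from the report
DROPPED_DRIVER = "C:\\Windows\\System32\\drivers\\hlpsvc.sys"  # hypothetical dropped file


@dataclass(frozen=True)
class Event:
    kind: str       # "file", "registry" or "process"
    action: str     # "create", "set", "read" or "exec"
    target: str     # file path, registry key\value, or executable path
    data: str = ""  # registry value data or process command line


# Constructed events for illustration; not the sandbox's recorded behaviour.
CONSTRUCTED_EVENTS = [
    Event("file", "create", DROPPED_DRIVER),
    Event("registry", "set",
          "HKLM\\SYSTEM\\CurrentControlSet\\Services\\hlpsvc\\ImagePath",
          "\\??\\" + DROPPED_DRIVER),
    Event("registry", "set",
          "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
          "Browser Helper Objects\\{11111111-2222-3333-4444-555555555555}\\", ""),
    Event("registry", "read", "HKLM\\SYSTEM\\MountedDevices"),  # assumed key for drive mapping
    Event("process", "exec", "C:\\Windows\\System32\\icacls.exe",
          DROPPED_DRIVER + " /grant Everyone:F"),
    Event("process", "exec", "C:\\Windows\\System32\\cmd.exe",
          "/c ping 127.0.0.1 -n 3 > nul & del \"C:\\Users\\user\\Desktop\\" + SAMPLE_NAME + "\""),
    Event("file", "create", "C:\\Users\\user\\AppData\\Local\\Temp\\tmp1.dat"),  # should match nothing
]


def _norm(s):
    return s.lower()


def is_driver_drop(e):
    return e.kind == "file" and e.action == "create" and \
        _norm(e.target).startswith("c:\\windows\\system32\\drivers\\")


def is_system32_drop(e):
    return e.kind == "file" and e.action == "create" and \
        _norm(e.target).startswith("c:\\windows\\system32\\")


def is_service_image_path(e):
    # ...\Services\<name>\ImagePath is what the SCM reads to find the service binary
    return e.kind == "registry" and e.action == "set" and \
        re.search(r"\\services\\[^\\]+\\imagepath$", _norm(e.target)) is not None


def is_bho_install(e):
    return e.kind == "registry" and e.action == "set" and \
        "\\browser helper objects\\" in _norm(e.target)


def is_drive_enum(e):
    return e.kind == "registry" and e.action == "read" and \
        _norm(e.target).startswith("hklm\\system\\mounteddevices")


def is_self_delete(e, sample=SAMPLE_NAME):
    cmd = _norm(e.data)
    return e.kind == "process" and e.action == "exec" and "del " in cmd and sample.lower() in cmd


def is_perm_change(e):
    exe = _norm(e.target).rsplit("\\", 1)[-1]
    return e.kind == "process" and e.action == "exec" and exe in {"icacls.exe", "cacls.exe", "takeown.exe"}


RULES = [
    ("Drops file in Drivers directory", is_driver_drop),
    ("Sets service image path in registry", is_service_image_path),
    ("Deletes itself", is_self_delete),
    ("Modifies file permissions", is_perm_change),
    ("Installs/modifies Browser Helper Object", is_bho_install),
    ("Maps connected drives based on registry", is_drive_enum),
    ("Drops file in System32 directory", is_system32_drop),
]


def triage(events):
    """Return {signature name: [evidence targets]} for every rule that fired."""
    hits = defaultdict(list)
    for e in events:
        for name, rule in RULES:
            if rule(e):
                hits[name].append(e.target)
    return dict(hits)


def persisted_drops(events):
    """Correlate: service ImagePath values that point at a file dropped in this run."""
    dropped = {_norm(e.target) for e in events if e.kind == "file" and e.action == "create"}
    found = []
    for e in events:
        if is_service_image_path(e):
            path = _norm(e.data)
            if path.startswith("\\??\\"):   # strip the NT object-manager prefix
                path = path[4:]
            if path in dropped:
                found.append((e.target, e.data))
    return found


if __name__ == "__main__":
    for name, evidence in triage(CONSTRUCTED_EVENTS).items():
        print(f"{name}: {evidence}")
    print("persisted drops:", persisted_drops(CONSTRUCTED_EVENTS))
```

The individual rules are deliberately loose (a legitimate installer also writes drivers and ImagePath values); the correlation in persisted_drops is what turns two weak signatures into one finding worth acting on, and the same logic applies directly to EDR telemetry from a real host.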

MITRE ATT&CK Enterprise v15

Tasks