General

  • Target: NEAS.126d6e9073f8444dcf9560f96dba2e60.exe
  • Size: 328KB
  • Sample: 231101-q67tesbg22
  • MD5: 126d6e9073f8444dcf9560f96dba2e60
  • SHA1: 23c4585577ebc0f8265775ae9d634dbadea21141
  • SHA256: 70ac00b86b91507d96560d4c4785d64fff0f74085a893844289b11f1d99b3bd7
  • SHA512: b38373954450698979d6f1b42a543815681407ffdf1ae9d1d006117a92e7657aaff23a505e1a4c870f14951827775e03f7a12a6a07bc50589ce63778d5835901
  • SSDEEP: 6144:yyWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:yCemx0vN3HKGi6sYjJLUGGtedud5tr7

Malware Config

Targets

    • Drops file in Drivers directory

    • Possible privilege escalation attempt

    • Sets service image path in registry

    • Deletes itself

    • Modifies file permissions

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks