General

  • Target

    NEAS.0ff02e578b946881a6f80a1c511dc890.exe

  • Size

    317KB

  • Sample

    231101-q6zstabf33

  • MD5

    0ff02e578b946881a6f80a1c511dc890

  • SHA1

    99cafeb256475dfe4809dab942092b3095f7e1b7

  • SHA256

    965c8ad9a47a0c82ceef371c2f6915573a536548368cca39c86c6bb3fb7f7cb3

  • SHA512

    9091c2e388108160b59d8a60c047cd1c815c7885553fc1502ee211ed4f7d6131e508c2222721fcb8166fb8e78660485a1b881e8341bb4ebf4d49af56f8840493

  • SSDEEP

    6144:MVXm4i6pO0v/YBxK8eFLj3qJ5/TX2oK/aQq:Ms4++8ijaJRO/y

Score
7/10

Targets

    • Target

      NEAS.0ff02e578b946881a6f80a1c511dc890.exe

    Score
    7/10

    • Deletes itself

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext
