Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.279fca2fb9903b7be96c3cadc7ef3a50.exe
-
Size
458KB
-
Sample
231101-q8gd9acd84
-
MD5
279fca2fb9903b7be96c3cadc7ef3a50
-
SHA1
e169f06c121656afcd28fbe0f90cd4565fc31c27
-
SHA256
f2a3a9f378db287bdd6aeb8c68e8e6dbb4c544d01a7e48ce58f4c9f29b5e4b7b
-
SHA512
c500b449dee51f63d1fe621987e4bd69e0e6718f07ede27ec13f1d562719819b4f5d58ed6be6c8ee2e2a4e2d0a86b9e0464c9d3c592933d3e83f61eb892654df
-
SSDEEP
6144:/pW2bgbbV28okoS1oWMkdlZQ5iioct0IwdNOuLcktJFksISWmSILKxrj:/pW2IoioS6jsk
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.279fca2fb9903b7be96c3cadc7ef3a50.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.279fca2fb9903b7be96c3cadc7ef3a50.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
NEAS.279fca2fb9903b7be96c3cadc7ef3a50.exe
-
Size
458KB
-
MD5
279fca2fb9903b7be96c3cadc7ef3a50
-
SHA1
e169f06c121656afcd28fbe0f90cd4565fc31c27
-
SHA256
f2a3a9f378db287bdd6aeb8c68e8e6dbb4c544d01a7e48ce58f4c9f29b5e4b7b
-
SHA512
c500b449dee51f63d1fe621987e4bd69e0e6718f07ede27ec13f1d562719819b4f5d58ed6be6c8ee2e2a4e2d0a86b9e0464c9d3c592933d3e83f61eb892654df
-
SSDEEP
6144:/pW2bgbbV28okoS1oWMkdlZQ5iioct0IwdNOuLcktJFksISWmSILKxrj:/pW2IoioS6jsk
Score10/10-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions
-
Modifies system executable filetype association
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1Change Default File Association
1