General

Target: NEAS.693c14bc43b49bae8d393fe1c5a51300_JC.exe
Size: 368KB
Sample: 231103-ckmdpsad6w
MD5: 693c14bc43b49bae8d393fe1c5a51300
SHA1: 445c720c5628b40e9bc90b846873b1b79289da10
SHA256: 5b6162ddd7028e8373edf5cb507aa7a984f13f289ab259a71573a40ed66a9450
SHA512: 55f5269d7202c637a302c4adcef894562a8c20708ca2ea90dd19e194aef0ac53d68a7ca03f103c29cf28ec7d7fc03c54eeb817b3f8ece2cc7b1255e1df0cb0d2
SSDEEP: 3072:zo4L5tpV+CSA1AAPoCpxW5ATBfUNjpS1svkTVC9FieYTTLprx/m3qT4S826guKqu:FtpvoCpcNQ1jQdiG/2UzuEP/Nnrry
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.693c14bc43b49bae8d393fe1c5a51300_JC.exe
Resource: win7-20231023-en
Malware Config

Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif

These URLs were recovered from the sample's embedded configuration by the config extractor, so they are static indicators for the Sality family; the run's network capture, not this list, is what shows whether any of them were actually contacted during the behavioral task.
Targets

Target: NEAS.693c14bc43b49bae8d393fe1c5a51300_JC.exe (368KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures

- Modifies firewall policy service
- Adds policy Run key to start application
- Drops file in Drivers directory
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory

Read together, these signatures are the usual Sality footprint: persistence through Run and policy Run keys and the exefile association, a driver dropped under System32\drivers, firewall-policy tampering and Image File Execution Options entries aimed at security tools, and drive enumeration followed by an autorun.inf drop for spreading over attached volumes. Two caveats when triaging: Windows 7 does not honour autorun.inf on non-optical removable media, so the drop shows intent rather than a working spread path on this image; and Sality is a file infector, which these signatures do not capture, so executables on the image should be compared before and after the run to confirm infection.
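The signatures above are the sandbox's summary of raw registry and file events. The following is an added example, not tria.ge code or output, showing how the same behaviours can be re-derived from an event stream and mapped to ATT&CK. The event format, every path and value in the sample log, and the registry/file locations and technique IDs in the rule table are this example's own assumptions (the locations are the conventional ones for each artifact, not values read from this report).

```python
import re
from collections import defaultdict

# Constructed sandbox-style event log, one "op|path|data" line per event.
# This format is invented for the example, not tria.ge's own output, and
# every path and value here is made up to exercise the rules below.
SAMPLE_EVENTS = r"""
regwrite|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winlogon|C:\Windows\System32\drivers\svcx.exe
regwrite|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupd|C:\Users\Admin\AppData\Local\Temp\winupd.exe
regwrite|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall|0
regwrite|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe\Debugger|svchost.exe
regwrite|HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)|"C:\Windows\Temp\ldr.exe" "%1" %*
regread|HKCU\Control Panel\International\Geo\Nation|
filewrite|C:\Windows\System32\drivers\svcx.sys|
filewrite|D:\autorun.inf|
filewrite|D:\lqwnd.pif|
"""

# (signature label, ATT&CK technique, event op, path regex, data regex or None).
# Labels mirror the behaviours the sandbox reported; the registry/file
# locations and technique IDs are this example's own mapping (assumptions),
# not something read out of the report.
RULES = [
    ("Adds policy Run key to start application", "T1547.001", "regwrite",
     r"\\Policies\\Explorer\\Run\\", None),
    ("Adds Run key to start application", "T1547.001", "regwrite",
     r"\\CurrentVersion\\Run\\", None),
    # Only a write of 0 disables the profile; a write of 1 is benign hardening.
    ("Modifies firewall policy service", "T1562.004", "regwrite",
     r"\\FirewallPolicy\\[^\\]+\\EnableFirewall$", r"^0$"),
    # An IFEO Debugger value makes Windows launch the "debugger" instead of
    # the named program, a standard way to neuter security tools.
    ("Sets file execution options in registry", "T1546.012", "regwrite",
     r"\\Image File Execution Options\\[^\\]+\\Debugger$", None),
    ("Modifies system executable filetype association", "T1546.001", "regwrite",
     r"\\Classes\\exefile\\shell\\open\\command\\", None),
    ("Checks computer location settings", "T1614", "regread",
     r"\\International\\Geo\\Nation$", None),
    ("Drops file in Drivers directory", "T1543.003", "filewrite",
     r"\\System32\\drivers\\[^\\]+$", None),
    # Only a root-of-volume autorun.inf matters for Autorun abuse.
    ("Drops autorun.inf file", "T1091", "filewrite",
     r"^[A-Z]:\\autorun\.inf$", None),
]


def parse_events(text):
    """Yield (op, path, data) from the pipe-separated event lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        op, path, data = line.split("|", 2)
        yield op.strip(), path.strip(), data.strip()


def triage(text):
    """Return {signature label: [paths that triggered it]} for every rule hit."""
    hits = defaultdict(list)
    for op, path, data in parse_events(text):
        for label, _tid, rule_op, path_re, data_re in RULES:
            if op != rule_op or not re.search(path_re, path, re.IGNORECASE):
                continue
            if data_re is not None and not re.fullmatch(data_re, data):
                continue
            hits[label].append(path)
    return dict(hits)


def techniques(hits):
    """Sorted, de-duplicated ATT&CK technique IDs implied by the hits."""
    by_label = {label: tid for label, tid, *_ in RULES}
    return sorted({by_label[label] for label in hits})


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for label, paths in found.items():
        print(f"{label}: {len(paths)} event(s)")
    print("ATT&CK:", ", ".join(techniques(found)))
```

The value check on the firewall rule is the detail worth copying: a path-only match fires on a benign write of EnableFirewall=1 as readily as on the malicious 0, which is exactly the kind of noise that makes registry-based signatures untrustworthy when ported to EDR telemetry.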
MITRE ATT&CK Enterprise v15

Tactic | Technique | Sub-technique | Hits
Persistence | Boot or Logon Autostart Execution (T1547) | Registry Run Keys / Startup Folder (T1547.001) | 3
Persistence | Create or Modify System Process (T1543) | Windows Service (T1543.003) | 1
Persistence | Event Triggered Execution (T1546) | Change Default File Association (T1546.001) | 1
Privilege Escalation | Abuse Elevation Control Mechanism (T1548) | Bypass User Account Control (T1548.002) | 1
Privilege Escalation | Boot or Logon Autostart Execution (T1547) | Registry Run Keys / Startup Folder (T1547.001) | 3
Privilege Escalation | Create or Modify System Process (T1543) | Windows Service (T1543.003) | 1
Privilege Escalation | Event Triggered Execution (T1546) | Change Default File Association (T1546.001) | 1
Defense Evasion | Abuse Elevation Control Mechanism (T1548) | Bypass User Account Control (T1548.002) | 1
Defense Evasion | Impair Defenses (T1562) | Disable or Modify Tools (T1562.001) | 3
Defense Evasion | Modify Registry (T1112) | - | 9

The same rows appear under more than one tactic because ATT&CK files Run keys, service creation and file-association hijacking under both Persistence and Privilege Escalation, and UAC bypass under both Privilege Escalation and Defense Evasion. The numbers are signature hit counts, not counts of distinct techniques.