General
Target: NEAS.f1d3022082240f48b73e3e3d3b134720.exe
Size: 120KB
Sample: 231104-n9xfrabf62
MD5: f1d3022082240f48b73e3e3d3b134720
SHA1: dd144baccd8c78242d0ac594c99c3f64a25fcff0
SHA256: b3aaa4d82297fbd56e015c01bff60a9f8706fda2fe08bceeb462f13588ade4ef
SHA512: 7e86f459386d087cfd72c1d86777f4bf533176c9e8248e8c1b0847b4bb3424f293e00c67fe2050be640cbd555eeafcb103227c458fcbf5b13fa9e8a3495ff043
SSDEEP: 1536:IaWnc/C+Z66j4k/Dj54fLihewNPMH7yVYS5Md9HTZhYtke6IrZTPHtpP77eFzGM2:I+8k5gihe5GyS5INix6IJ11AaMby
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.f1d3022082240f48b73e3e3d3b134720.dll
Resource: win7-20231023-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: NEAS.f1d3022082240f48b73e3e3d3b134720.exe
Modifies firewall policy service
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (5)