General
Target: NEAS.74c1a75ad25b02e803215c2f676146d0.exe
Size: 1.1MB
Sample: 231107-el9lqscf67
MD5: 74c1a75ad25b02e803215c2f676146d0
SHA1: f8abbe2d9319799846311b70ef9383d66e14bacf
SHA256: 55eef54d3f27ef5d9465b19ab925786759f2cf5c6453998ba8daebf558bfa64a
SHA512: 631045fcc627bbef113f806186f52be6380bcea68202a8b67cd5b73224643de0e8111a5a48481f74af5b4f436f8369853ed5e264ddc29c3809660e14de05bc8c
SSDEEP: 1536:i+d5JPwFP816C9V29d95KTtSj1z49LsWENmlma03hIx:i+JsOpU9tScj1YYKma03h
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.74c1a75ad25b02e803215c2f676146d0.exe
Resource: win7-20231023-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target: NEAS.74c1a75ad25b02e803215c2f676146d0.exe
Modifies firewall policy service
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (5)