General
- Target: NEAS.d15e72bad1966732249eb9f860d6dcaad2db09541ad67de8eee39febc706aa31.exe
- Size: 259KB
- Sample: 231107-gaxh5sdg48
- MD5: 2a1390eb5563d733832c473f1109e872
- SHA1: 44429ef9a32e8ce931eeb541a3863ed6f9727ccb
- SHA256: d15e72bad1966732249eb9f860d6dcaad2db09541ad67de8eee39febc706aa31
- SHA512: 5ac6fcbd42942d7656c651fab7432a0942570afc5068e96e6a7c41a0b504059605052eab306193f686199c1bf739a2af0982bf480b995e55b9e116abd6c8b4e2
- SSDEEP: 3072:GVXQ37fLJYJqgU5AoFCE+MBVaXAlXxDAVh5lRIxEnU:OQLfL2k7xCE+U6exDAfRq
Static task
- static1

Behavioral task
- behavioral1
  - Sample: NEAS.d15e72bad1966732249eb9f860d6dcaad2db09541ad67de8eee39febc706aa31.exe
  - Resource: win7-20231023-en

Behavioral task
- behavioral2
  - Sample: NEAS.d15e72bad1966732249eb9f860d6dcaad2db09541ad67de8eee39febc706aa31.exe
  - Resource: win10v2004-20231020-en
Malware Config
Extracted: tofsee
- vanaheim.cn
- jotunheim.name
Targets
- Target: NEAS.d15e72bad1966732249eb9f860d6dcaad2db09541ad67de8eee39febc706aa31.exe
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)