Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.02b70a97c3c0b99ccf84ab7ffe3be600.exe
-
Size
293KB
-
Sample
231112-lpap5sfa39
-
MD5
02b70a97c3c0b99ccf84ab7ffe3be600
-
SHA1
d93886c2b4a2901be15c0469c8ad4adb4c3d53e6
-
SHA256
b525eb7207acc2739513e6996df64c569151be26ea3e4dfaa73c2df4c215d311
-
SHA512
8fff2c644f0c8caa3863d17e5c9c6cf0c50463b6a47796660bf8bbdda03e273500af6babe7bdae39637ae704149b4bd4be0b28321b3bc31f0d75e73a731d8862
-
SSDEEP
3072:AygCullUQN7gsBh1L1QygCullUQN7gsBh1L12:ARleK7712RleK771o
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.02b70a97c3c0b99ccf84ab7ffe3be600.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.02b70a97c3c0b99ccf84ab7ffe3be600.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
NEAS.02b70a97c3c0b99ccf84ab7ffe3be600.exe
-
Size
293KB
-
MD5
02b70a97c3c0b99ccf84ab7ffe3be600
-
SHA1
d93886c2b4a2901be15c0469c8ad4adb4c3d53e6
-
SHA256
b525eb7207acc2739513e6996df64c569151be26ea3e4dfaa73c2df4c215d311
-
SHA512
8fff2c644f0c8caa3863d17e5c9c6cf0c50463b6a47796660bf8bbdda03e273500af6babe7bdae39637ae704149b4bd4be0b28321b3bc31f0d75e73a731d8862
-
SSDEEP
3072:AygCullUQN7gsBh1L1QygCullUQN7gsBh1L12:ARleK7712RleK771o
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1