Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    NEAS.fe41a939dd3c2f2eb8833681289a5700.exe

  • Size

    3.9MB

  • Sample

    231112-lpap5sfa43

  • MD5

    fe41a939dd3c2f2eb8833681289a5700

  • SHA1

    de69c02e8209acba4e0fed9ed3cfaa4ea0e742e0

  • SHA256

    ff8f94fc24dbbeecf0efb07da1cebc0ec0359e1d7a9cf3b898acb543f29fba68

  • SHA512

    4480660484ec38a8e82ba5f33e61704548826f31ff04aa624c05fad09909538bbf83e405504a011e13b289603d06d1cfce0efe403c22b7403ecfab7c9a31ed71

  • SSDEEP

    98304:MtBS4neHvZjiEO5Ihd1T5HqDXJqNjpzS3vv3jirr3jjWiTaOvifviOrF:crnevd1NHqDXJqNj4

Malware Config

Targets

    • Target

      NEAS.fe41a939dd3c2f2eb8833681289a5700.exe

    • Size

      3.9MB

    • MD5

      fe41a939dd3c2f2eb8833681289a5700

    • SHA1

      de69c02e8209acba4e0fed9ed3cfaa4ea0e742e0

    • SHA256

      ff8f94fc24dbbeecf0efb07da1cebc0ec0359e1d7a9cf3b898acb543f29fba68

    • SHA512

      4480660484ec38a8e82ba5f33e61704548826f31ff04aa624c05fad09909538bbf83e405504a011e13b289603d06d1cfce0efe403c22b7403ecfab7c9a31ed71

    • SSDEEP

      98304:MtBS4neHvZjiEO5Ihd1T5HqDXJqNjpzS3vv3jirr3jjWiTaOvifviOrF:crnevd1NHqDXJqNj4

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks