Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
7d04d9c582590db215169327b3c95170_NEAS
-
Size
65KB
-
Sample
240507-gwe6zscd2t
-
MD5
7d04d9c582590db215169327b3c95170
-
SHA1
16131d62ef948938e0b8afb72d581c90eaaa8996
-
SHA256
77fb0809e2c9f40140a30339dbe85b64a6ad86de52f965fd077a8e4151b965ad
-
SHA512
2fccddb1c541d3883229d36ee283fe169725fda95b1222e6c9ad5ccb2af23407b8195b6fac402722eb75db08880a5255bdd275f2a3e2d88ec710990ae865e264
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuB:7WNqkOJWmo1HpM0MkTUmuB
Static task
static1
Behavioral task
behavioral1
Sample
7d04d9c582590db215169327b3c95170_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7d04d9c582590db215169327b3c95170_NEAS.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
7d04d9c582590db215169327b3c95170_NEAS
-
Size
65KB
-
MD5
7d04d9c582590db215169327b3c95170
-
SHA1
16131d62ef948938e0b8afb72d581c90eaaa8996
-
SHA256
77fb0809e2c9f40140a30339dbe85b64a6ad86de52f965fd077a8e4151b965ad
-
SHA512
2fccddb1c541d3883229d36ee283fe169725fda95b1222e6c9ad5ccb2af23407b8195b6fac402722eb75db08880a5255bdd275f2a3e2d88ec710990ae865e264
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuB:7WNqkOJWmo1HpM0MkTUmuB
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1