General

  • Target

    49327ef8ca4bfcef904c0059f9798110_NEIKI

  • Size

    23KB

  • Sample

    240508-lh9kwsdh6v

  • MD5

    49327ef8ca4bfcef904c0059f9798110

  • SHA1

    304fde14e82526f507d41d0170e25f2459210a32

  • SHA256

    a84935faf08a1c8cf5578f8e22ceab14104d54d24518edff869305210740ef61

  • SHA512

    c3dbc089d18fa4123aa8626505c24e4241dd2fb6b9b84465e6493d59fded26bd09482a173e9701a99db12cb4afb52f415af4657589b629717eba505f72cf62b8

  • SSDEEP

    384:jIz4Apz1qbyU6IBsdZzpfucfoGXxDCsfwa2qPXknPmddwVL3zYskns:jIUmz0bJ6AszzpmqxdfR2YU+ddwVLDMs

Malware Config

Targets

    • Target

      49327ef8ca4bfcef904c0059f9798110_NEIKI

    • Windows security bypass

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Modifies WinLogon

    • Drops file in System32 directory
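Before working from this report, confirm that the file in hand is the file Triage analysed, and check the "UPX packed file" signature yourself. The script below is an added example for this page (not Triage's code): it recomputes the four digests listed in the General section and compares them, then walks the PE section table looking for stock UPX section names and for near-random sections, which is what a renamed or modified UPX build still leaves behind. The 7.0 bits-per-byte threshold is an assumed cut-off, and the minimal PE the helper builds exists only so the checks can be exercised offline.

```python
"""Check a local copy of the sample against the hashes Triage reports above
and apply two heuristics for the 'UPX packed file' signature.
Added example for this page; not Triage's code."""
import hashlib
import math
import struct
import sys

# Digests copied from the report above.
REPORT_HASHES = {
    "md5": "49327ef8ca4bfcef904c0059f9798110",
    "sha1": "304fde14e82526f507d41d0170e25f2459210a32",
    "sha256": "a84935faf08a1c8cf5578f8e22ceab14104d54d24518edff869305210740ef61",
    "sha512": ("c3dbc089d18fa4123aa8626505c24e4241dd2fb6b9b84465e6493d59fded26bd"
               "09482a173e9701a99db12cb4afb52f415af4657589b629717eba505f72cf62b8"),
}


def compute_hashes(data: bytes) -> dict:
    """The four digests the report lists, as lower-case hex."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """{algo: (expected, actual)} for every digest that disagrees. Empty means
    the bytes on disk are the bytes Triage analysed; a repacked or truncated
    copy changes all four at once."""
    actual = compute_hashes(data)
    return {k: (v.lower(), actual[k]) for k, v in expected.items() if actual[k] != v.lower()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Walk the PE section table and return [(name, raw_offset, raw_size)]."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # 4-byte signature + 20-byte COFF header
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def upx_indicators(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Stock UPX leaves UPX0/UPX1(/UPX2) section names; a modified build may
    rename them, so also flag any section whose raw bytes are near-random.
    Treat the name check as weak evidence and the entropy check as stronger."""
    secs = pe_sections(data)
    by_name = any(n.upper().startswith("UPX") for n, _, _ in secs)
    high = {}
    for name, ptr, size in secs:
        if size:
            e = shannon_entropy(data[ptr:ptr + size])
            if e >= entropy_threshold:
                high[name] = round(e, 2)
    return {"upx_section_names": by_name,
            "high_entropy_sections": high,
            "likely_packed": by_name or bool(high)}


def build_test_pe(sections: list) -> bytes:
    """Constructed minimal PE for offline testing (not a real binary): just
    enough header for pe_sections(), with the given [(name, payload)]."""
    pe_off = 0x40
    table = pe_off + 24          # SizeOfOptionalHeader is 0 here
    data_start = table + 40 * len(sections)
    hdr = bytearray(b"MZ" + b"\0" * (pe_off - 2))
    struct.pack_into("<I", hdr, 0x3C, pe_off)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    body = bytearray()
    for name, payload in sections:
        hdr += name.encode().ljust(8, b"\0")
        hdr += struct.pack("<IIIIIIHHI", len(payload), 0, len(payload),
                           data_start + len(body), 0, 0, 0, 0, 0x60000020)
        body += payload
    return bytes(hdr + body)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read()
    print("hash mismatches:", verify_hashes(blob) or "none")
    print("UPX indicators:", upx_indicators(blob))
```

Run it as `python check_sample.py <file>`; any entry in the mismatch dict means the local file is not the 23KB sample this report describes, and a packed result with no UPX section names is the case the signature description calls "modified UPX".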

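Three of the signatures above ("Sets file execution options in registry", "Modifies WinLogon", "Modifies Installed Components in the registry") name persistence locations rather than the values the sample wrote, and the report does not show those values. The script below is an added example for this page (not Triage's code) that checks the locations those signature names conventionally refer to, Image File Execution Options, the Winlogon key and Active Setup Installed Components, against a `reg export` dump so the check runs offline on a host or a mounted image. The registry export it parses is constructed, the stock Winlogon values and the user-writable path fragments are assumptions stated in the code, and the Active Setup check is a heuristic.

```python
"""Offline check of the persistence locations behind the signatures
'Sets file execution options in registry', 'Modifies WinLogon' and
'Modifies Installed Components in the registry', run against a `reg export`
dump instead of the live registry. Added example for this page; not Triage's
code. The sample's real values are not in the report; the export below is
constructed."""
import re

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
ACTIVE_SETUP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"

# Stock values (assumed clean-install defaults) of the two Winlogon entries
# malware most often appends to.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe",
                     "Userinit": r"C:\Windows\system32\userinit.exe,"}

# Path fragments that have no business in a logon-time stub (heuristic).
USER_WRITABLE = ("\\users\\", "\\temp\\", "appdata", "programdata", "%temp%", "%appdata%")

_KEY = re.compile(r"\[(.+)\]")
_STRING_VALUE = re.compile(r'(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"')


def parse_reg_export(text: str) -> dict:
    """{key_path: {value_name: string}} from the text of a .reg file. Only
    string values are kept (dword/hex entries are skipped), which is all these
    checks need; '@' is the key's default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.fullmatch(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _STRING_VALUE.fullmatch(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            keys[current][name] = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
    return keys


def _get(values: dict, name: str):
    """Registry value names are case-insensitive; .reg files preserve case."""
    return next((v for k, v in values.items() if k.lower() == name.lower()), None)


def _subkeys(keys: dict, parent: str):
    prefix = parent.lower() + "\\"
    for path, values in keys.items():
        if path.lower().startswith(prefix):
            yield path[len(prefix):], values


def check_ifeo(keys: dict) -> list:
    """A Debugger value under IFEO\<program> makes Windows launch that path
    instead of the program whenever it is started: flag every one."""
    findings = []
    for sub, values in _subkeys(keys, IFEO):
        debugger = _get(values, "Debugger")
        if debugger:
            findings.append((sub, debugger))
    return findings


def check_winlogon(keys: dict) -> list:
    """(name, current, stock) for Shell/Userinit entries that differ from the
    stock value; appending ',C:\\path\\x.exe' is the usual modification."""
    values = next((v for k, v in keys.items() if k.lower() == WINLOGON.lower()), {})
    findings = []
    for name, stock in WINLOGON_DEFAULTS.items():
        current = _get(values, name)
        if current is not None and current.strip().lower() != stock.lower():
            findings.append((name, current, stock))
    return findings


def check_active_setup(keys: dict) -> list:
    """Each Installed Components\{GUID} StubPath runs once per user at next
    logon. Flag stubs pointing into user-writable locations; review the rest
    by hand, since legitimate stubs live under the Windows directory."""
    findings = []
    for sub, values in _subkeys(keys, ACTIVE_SETUP):
        stub = _get(values, "StubPath")
        if stub and any(f in stub.lower() for f in USER_WRITABLE):
            findings.append((sub, stub))
    return findings


def triage(text: str) -> dict:
    keys = parse_reg_export(text)
    return {"ifeo": check_ifeo(keys),
            "winlogon": check_winlogon(keys),
            "active_setup": check_active_setup(keys)}


def load_reg_file(path: str) -> str:
    """reg.exe writes exports as UTF-16LE with a BOM; 'utf-16' honours it."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


# Constructed export (not from the sample); the GUIDs and paths are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Users\\Public\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\ProgramData\\update.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="C:\\Windows\\system32\\unregmp2.exe /ShowWMP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000002}]
"StubPath"="C:\\Users\\Public\\svchost.exe"
"""

if __name__ == "__main__":
    import sys
    text = load_reg_file(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EXPORT
    for area, hits in triage(text).items():
        print(area, hits or "clean")
```

Export the three keys with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" out.reg` (and the Active Setup key separately) on the suspect host, then run the script against the file; the IFEO subkey with only a dword value in the constructed export shows that the check keys on the Debugger value, not on the mere presence of a subkey.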
MITRE ATT&CK Enterprise v15

Tasks