General

  • Target

    98bbdacb195539f162c7566811412d60N.exe

  • Size

    6.6MB

  • Sample

    240802-nj5dns1arf

  • MD5

    98bbdacb195539f162c7566811412d60

  • SHA1

    e26ae4c95ad882d852168131e1e57fba05b62fe0

  • SHA256

    35e345c8b2fafb181c1b873d27604bef40a4b13a4cd5745e57b0807ed060b18c

  • SHA512

    dcb8617d89f895ef16972c5a6732b96f2174c3f0946297f135a34c48cc05221451cbbc97232af7ac17b7e7620eea2f9de5865a054b91c18aeb38ff267bd08ae3

  • SSDEEP

    98304:oCD6vy8Msw5+Wp5a/VTvhCkH+jiDUwDjezCEgnM:7D6vy9s05ahHH+eD5qeEQM

Malware Config

Targets

    • Target

      98bbdacb195539f162c7566811412d60N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks