General
Target: NoEscape.exe.zip
Size: 13.5MB
Sample: 240810-rwsr7atcnp
MD5: 660708319a500f1865fa9d2fadfa712d
SHA1: b2ae3aef17095ab26410e0f1792a379a4a2966f8
SHA256: 542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c
SHA512: 18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517
SSDEEP: 393216:BATeK1bYlJbM9tAlAkRCnG7H+KlzMNCPm5lvvayDPk15DBJ:BoX16blXonYeKdKCPGayDPiJ
Static task
static1

Behavioral task
behavioral1
Sample: NoEscape.exe.zip
Resource: win10-20240404-en

Behavioral task
behavioral2
Sample: NoEscape.exe/NoEscape.exe-Latest Version/NoEscape.exe
Resource: win10-20240404-en

Behavioral task
behavioral3
Sample: NoEscape.exe/NoEscape.exe-Latest Version/vc_redist.x86.exe
Resource: win10-20240611-en
Malware Config
Targets
Target: NoEscape.exe.zip
Size: 13.5MB
MD5: 660708319a500f1865fa9d2fadfa712d
SHA1: b2ae3aef17095ab26410e0f1792a379a4a2966f8
SHA256: 542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c
SHA512: 18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517
SSDEEP: 393216:BATeK1bYlJbM9tAlAkRCnG7H+KlzMNCPm5lvvayDPk15DBJ:BoX16blXonYeKdKCPGayDPiJ
Score: 1/10

Target: NoEscape.exe/NoEscape.exe-Latest Version/NoEscape.exe
Size: 666KB
MD5: 989ae3d195203b323aa2b3adf04e9833
SHA1: 31a45521bc672abcf64e50284ca5d4e6b3687dc8
SHA256: d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f
SHA512: e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305
SSDEEP: 12288:85J5X487qJUtcWfkVJ6g5s/cD01oKHQyis2AePsr8nP712TB:s487pcZEgwcDpg1L2tbPR2t
Score: 10/10
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Drops desktop.ini file(s)
Modifies WinLogon
Sets desktop wallpaper using registry

Target: NoEscape.exe/NoEscape.exe-Latest Version/vc_redist.x86.exe
Size: 13.1MB
MD5: 1a15e6606bac9647e7ad3caa543377cf
SHA1: bfb74e498c44d3a103ca3aa2831763fb417134d1
SHA256: fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
SHA512: e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd
SSDEEP: 393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc
Score: 7/10
Loads dropped DLL
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Winlogon Helper DLL (2)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (5)