General

  • Target

    _vti_cnf.exe

  • Size

    477KB

  • Sample

    230630-p57llacg92

  • MD5

    34e03669773d47d0d8f01be78ae484e4

  • SHA1

    4b0a7e2af2c28ae191737ba07632ed354d35c978

  • SHA256

    2919b157d8d2161bf56a17af0efc171d8e2c3c233284cf116e8c968dd9704572

  • SHA512

    8d93fab3c2544d015af2d84f07d3ebbf8acead8bb0185ffb045302b2be19ac12cd2ac59288313bd75bc230768c90e68139c124ea89df943776b1cfaac4876a7f

  • SSDEEP

    6144:ZvZ2iKiZ/QAKVfiROzkViZwc0W/1vNuMqTp/CelAaWjSZ/nnnKCXP7:J7wVfiRuqPW/dgMqIHdjSFnnKCX

Score
10/10

Targets

    • Target

      _vti_cnf.exe

    • Modifies WinLogon for persistence

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
