General

  • Target

    739a38ab9a9ff169ad806fe52affb72995ce8944d2e9a42dfd91e41bffcec316

  • Size

    536KB

  • Sample

    230827-vah8eade3w

  • MD5

    35c62921f6d6b930053b6cbb32d48a24

  • SHA1

    15ba18d0e71a05fa47c149d9427f05c10236cd2f

  • SHA256

    739a38ab9a9ff169ad806fe52affb72995ce8944d2e9a42dfd91e41bffcec316

  • SHA512

    cb7c3ea83fb8b22fae94b2fa9e7e19cea101dd24815c2729cf2465dbe484740df75c2a9680700c0f94aa24ba37c32a40625a8252b0aaaa6a0cea2a8e82b0323c

  • SSDEEP

    12288:2Qab4j0WxHHxvgZ5Debn9XdvVYf8tn5+qqheFgOkx2LIa:Tvj0oxv2Dezv/tx3yOkx2LF

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory
