General

  • Target

    D34TH 3.0.bat

  • Size

    1KB

  • Sample

    240420-s2tgcabg65

  • MD5

    0f4eb5ba6b7652249cd6f8925cab247f

  • SHA1

    6c5174b3f1b62def3d9ca4da34332a812a6a9db4

  • SHA256

    298d0085347d70e634a5d8d8487d067666ef8bf25808e7605d860187502f016a

  • SHA512

    6b97c3d147a540fc4ab92dcf0bbce8fdaf75dc2ff4680b63ef17a338a8b1e36676b5f3a1fe46a8e8f453bf915fa1ae064aef703ab3b13fe1c45adfa958484788

Score
8/10

Targets

    Score
    8/10
    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Modifies Windows Firewall

    • Modifies file permissions

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Commonly used to allow simultaneous RDP sessions.
