General
Target: D34TH 3.0.bat
Size: 1KB
Sample: 240420-s2tgcabg65
MD5: 0f4eb5ba6b7652249cd6f8925cab247f
SHA1: 6c5174b3f1b62def3d9ca4da34332a812a6a9db4
SHA256: 298d0085347d70e634a5d8d8487d067666ef8bf25808e7605d860187502f016a
SHA512: 6b97c3d147a540fc4ab92dcf0bbce8fdaf75dc2ff4680b63ef17a338a8b1e36676b5f3a1fe46a8e8f453bf915fa1ae064aef703ab3b13fe1c45adfa958484788
Static task
static1
Malware Config
Targets
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Modifies Windows Firewall
-
Modifies file permissions
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.