General

  • Target

    IesVpn-winx64.exe

  • Size

    36.3MB

  • Sample

    240822-lrvs4azemf

  • MD5

    680e7c4978fd2a85ebc5e7af6da2e2a8

  • SHA1

    4a2b353da3a43a45fdfa2f121a01cec31ee9518a

  • SHA256

    1a2e029e9910f3a3aee454b44f28db7f2a4e6078a108e92876483cff08769825

  • SHA512

    1e16682d12763970366ef91448faf14aaea990011dab71865903c1e1de1dea33591cc27151670281b6bf4c0a3d625ee91eb71f937e7cc0d6354a65f17bea2cc6

  • SSDEEP

    786432:3eDkNsEq0/QflO3w3wmYu0X6pwOOMuygT/hr2R+Q/:OANFsObmYGeOOtygTpr1Q/

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Network Service Discovery

      Attempts to gather information on the host's network.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks