General

  • Target

    tg_proX64.exe.v

  • Size

    70.9MB

  • Sample

    240919-tpfkdsxfpf

  • MD5

    a15fe81c0d0661a089e2d3d78213d52c

  • SHA1

    049d9028f66a46d2f5127c1ce44feac95f6581a7

  • SHA256

    d51d112f071390cb95010575572bdf3e0ad0a25b6b4bf83b41d6c59086cfedf7

  • SHA512

    9bb25d15214ee6d897293bdd8c6e88deb2f8a2d2cf8d74abd4855c56049b09af41016d2d8f827fe072be36e3a1d6e2b19e4b36adc839e3a43e306b688cfcbf47

  • SSDEEP

    1572864:T8VnWS8+lvp0kdu8RojQ5qATl2iUUeC/oIH4ecuiAxBtg:T8JyM6XjomiReMoIH4eoga

Score
10/10

Targets

    • Target

      tg_proX64.exe.v

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
