Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

ProtonVPN_...64.exe

windows7-x64

ProtonVPN_...64.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ProtonVPN_v3.5.3_x64.exe

  • Size

    81.4MB

  • Sample

    250328-llnslawm13

  • MD5

    9e246caf655fef65deaa2ccb9886fddb

  • SHA1

    e8186d24c2e0011453e0495a69aebfd56635240e

  • SHA256

    bbc5d2cf7422ee184beaaac9aa920b0cf9a1310cfd703fd0f9b1b63701672df8

  • SHA512

    f1c6e86c681329feda4db846125356ed29c85a97c65db2e4f66411763b13e844bb947b77c2e7e904f1cb5ae12868d4a133e8573557f477fd147952a942a259e2

  • SSDEEP

    1572864:pVuySnEkGve5KGOIBvwOiHmg4qy5A47s5ECkAz0Ii/VjSuHk26ndjpj69FoFYlwu:WySJme5OswOdn3cw7jjHD9FmYh

Score
10/10
defense_evasiondiscoverypersistencetrojan

Malware Config

Targets

    • Target

      ProtonVPN_v3.5.3_x64.exe

    • Size

      81.4MB

    • MD5

      9e246caf655fef65deaa2ccb9886fddb

    • SHA1

      e8186d24c2e0011453e0495a69aebfd56635240e

    • SHA256

      bbc5d2cf7422ee184beaaac9aa920b0cf9a1310cfd703fd0f9b1b63701672df8

    • SHA512

      f1c6e86c681329feda4db846125356ed29c85a97c65db2e4f66411763b13e844bb947b77c2e7e904f1cb5ae12868d4a133e8573557f477fd147952a942a259e2

    • SSDEEP

      1572864:pVuySnEkGve5KGOIBvwOiHmg4qy5A47s5ECkAz0Ii/VjSuHk26ndjpj69FoFYlwu:WySJme5OswOdn3cw7jjHD9FmYh

    Score
    10/10
    discoverydefense_evasionpersistencetrojan

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks