df6093cc8395612fbbd4363266ff5c78ce332367b4230866380f722296a9cdec | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

df6093cc83...ec.vbs

windows7-x64

8

df6093cc83...ec.vbs

windows10-2004-x64

8

Sharing

General

Target

df6093cc8395612fbbd4363266ff5c78ce332367b4230866380f722296a9cdec
Size

4KB
Sample

221121-vhyytsac58
MD5

21dea128e711313098d82c5c5be4f0e0
SHA1

396275c129f66afa3f17a7b71a4ef6c20e9b2d7a
SHA256

df6093cc8395612fbbd4363266ff5c78ce332367b4230866380f722296a9cdec
SHA512

51773370565ca927e0416287bbac87774aa93781c2c0556b3b7ef128fa09365d6d62a24c2da276c1693ce0ab0679850a9b46488b23fea24a29532d45b34a7bfe
SSDEEP

96:ffJwI7iv7wAbiPtb5UQG4OmDp/otZRvxDEAfExD9TQuDGm59QyPv+J/PEmZeAeiB:fBx7ivcAbAwJcV/otZMAcxDXDjT/P2Jr

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

df6093cc8395612fbbd4363266ff5c78ce332367b4230866380f722296a9cdec.vbs

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

df6093cc8395612fbbd4363266ff5c78ce332367b4230866380f722296a9cdec.vbs

Resource

win10v2004-20221111-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  df6093cc8395612fbbd4363266ff5c78ce332367b4230866380f722296a9cdec
- Size
  
  4KB
- MD5
  
  21dea128e711313098d82c5c5be4f0e0
- SHA1
  
  396275c129f66afa3f17a7b71a4ef6c20e9b2d7a
- SHA256
  
  df6093cc8395612fbbd4363266ff5c78ce332367b4230866380f722296a9cdec
- SHA512
  
  51773370565ca927e0416287bbac87774aa93781c2c0556b3b7ef128fa09365d6d62a24c2da276c1693ce0ab0679850a9b46488b23fea24a29532d45b34a7bfe
- SSDEEP
  
  96:ffJwI7iv7wAbiPtb5UQG4OmDp/otZRvxDEAfExD9TQuDGm59QyPv+J/PEmZeAeiB:fBx7ivcAbAwJcV/otZMAcxDXDjT/P2Jr
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy