ee2a2b418e82683de196beb5d4f6cb213e7579d783b06b9949f4a988f515b324 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

01799099.exe.vbs

windows7-x64

6

01799099.exe.vbs

windows10-2004-x64

Sharing

General

Target

01799099.exe.vbs
Size

1.1MB
Sample

230609-j4earscc81
MD5

584f03161a17b36b2f5163dd85bc0b77
SHA1

04dad07d0146ff09c0dacc3f248dbda16055a609
SHA256

ee2a2b418e82683de196beb5d4f6cb213e7579d783b06b9949f4a988f515b324
SHA512

530ef231a0fea29700d8bbffa5ed40b4cc05b96323fcbd853e86f050362d84f8a5250387f86a47ec0f103a76b00bada9c352a3c6c76736740984732c184003ff
SSDEEP

24576:gjSdueeKiZeXA940z802o5mNBriKgcdgUixQsUgk:gjSduKCeA2oqdJqfk

Score

10^/10

discovery evasion exploit persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

01799099.exe.vbs

Resource

win7-20230220-en

persistence ransomware

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

01799099.exe.vbs

Resource

win10v2004-20230220-en

discovery evasion exploit persistence ransomware trojan

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  01799099.exe.vbs
- Size
  
  1.1MB
- MD5
  
  584f03161a17b36b2f5163dd85bc0b77
- SHA1
  
  04dad07d0146ff09c0dacc3f248dbda16055a609
- SHA256
  
  ee2a2b418e82683de196beb5d4f6cb213e7579d783b06b9949f4a988f515b324
- SHA512
  
  530ef231a0fea29700d8bbffa5ed40b4cc05b96323fcbd853e86f050362d84f8a5250387f86a47ec0f103a76b00bada9c352a3c6c76736740984732c184003ff
- SSDEEP
  
  24576:gjSdueeKiZeXA940z802o5mNBriKgcdgUixQsUgk:gjSduKCeA2oqdJqfk
Score

10^/10

persistence ransomware discovery evasion exploit trojan
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomware

behavioral2

discoveryevasionexploitpersistenceransomwaretrojan

© 2018-2025

Terms | Privacy