General
- Target: shadowscripts.exe
- Size: 1.2MB
- Sample: 230722-xptc2acc6y
- MD5: b0a79b29052cc5c816336f4b62284d9a
- SHA1: fbc8b1d5abe62d281e80f469bfbc08f106ad0979
- SHA256: 12e490b358c0fa22c31181112cbef58b4636f287d586b5ffa412facd5fee3693
- SHA512: a9aed2651024fa97164db592d835e4276e5465007c44a3cbafd305556f1b36fa966bcdf6e87cdd3d4373f9beaf32164a4dabd657a5523735511b23a55e65563a
- SSDEEP: 24576:8D7XBCahuVE5ocC6SC8fsXhugahBsCjz3XH8gohXdHI+1o7R:qlCa4emD6SVfmevjDH8dtHzqR
- Static task: static1
- Behavioral task: behavioral1 (Sample: shadowscripts.exe; Resource: win7-20230712-en)
Malware Config
Extracted
- Family: njrat
- Version: 0.7d
- Botnet: stupids
- C2: hakim32.ddns.net:2000
- C2: hands-social.at.ply.gg:46242
- d4529f156f8f79f81b02518c9cf09857 (shown without a label in the report; assumed to be the mutex, which is what this position holds in tria.ge njRAT configs)
- reg_key: d4529f156f8f79f81b02518c9cf09857
- splitter: |'|'|
Targets
- Target: shadowscripts.exe (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)