Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Por ello l... M.vbs

windows7-x64

10

Por ello l... M.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Por ello le recordamos que se encuentra en mora con sus obligaciones, por un valor adeudado de DOS MILLONES NOVECIENTOS OCHENTA Y SIETE MIL QUINIENTOS PESOS 22024D7896FF25F10DF3520147178963502.mal

  • Size

    300KB

  • Sample

    230904-pnwsrsga8z

  • MD5

    cd48e75225fd9a8762894d3e92aa1ded

  • SHA1

    df362d3ca4f4e92ff8888eee0884c5970f6135e8

  • SHA256

    745231f0f88524544d0892fe6d78c4b112afd12586fbba5cce706a3af5e86099

  • SHA512

    dc1dd71980bf939e1df36b0e8264a10bd6db8da220ea946abb67031b0b1d45c458f67c83e9788e2c120ad5285db5bdc221057b90f4392f76de2df71775203f2c

  • SSDEEP

    6144:EX+DDhc9YG2gf1RyUTn2ObTw6Pp2CzGNQn3KdumLhBsL0y/o/a/hRHR/RZRVozz6:EX+DDhc9YG2gf1RyUTn2ObTw6Pp2CzGy

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

    • Target

      Por ello le recordamos que se encuentra en mora con sus obligaciones, por un valor adeudado de DOS MILLONES NOVECIENTOS OCHENTA Y SIETE MIL QUINIENTOS PESOS 22024D7896FF25F10DF3520147178963502.mal

    • Size

      300KB

    • MD5

      cd48e75225fd9a8762894d3e92aa1ded

    • SHA1

      df362d3ca4f4e92ff8888eee0884c5970f6135e8

    • SHA256

      745231f0f88524544d0892fe6d78c4b112afd12586fbba5cce706a3af5e86099

    • SHA512

      dc1dd71980bf939e1df36b0e8264a10bd6db8da220ea946abb67031b0b1d45c458f67c83e9788e2c120ad5285db5bdc221057b90f4392f76de2df71775203f2c

    • SSDEEP

      6144:EX+DDhc9YG2gf1RyUTn2ObTw6Pp2CzGNQn3KdumLhBsL0y/o/a/hRHR/RZRVozz6:EX+DDhc9YG2gf1RyUTn2ObTw6Pp2CzGy

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks