ffc7197524bf47757b756546e880c089875a549fddd20a5e1cef0d7e7b281c38 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

otoke.vbs

windows10-2004-x64

Sharing

General

Target

otoke.vbs
Size

27KB
Sample

231012-2ns34adh8v
MD5

ca04e20c7652a5ca78f73918591c2d87
SHA1

1718223db20fa1383aef308f76aa87bae002d662
SHA256

ffc7197524bf47757b756546e880c089875a549fddd20a5e1cef0d7e7b281c38
SHA512

b2a6d36f2456007748b2125233e9a7e0206948bd841eb444f029edcb2c171409b25d1108c2643385bf762d1c291b4265ce7d57003b2f266e1c6d07750d0fd574
SSDEEP

768:0QgdN5RyiUiK3IfJO37NwNGFFNWePDUirUif3IhBN6sEx:9Am

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

otoke.vbs

Resource

win10v2004-20230915-es

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  otoke.vbs
- Size
  
  27KB
- MD5
  
  ca04e20c7652a5ca78f73918591c2d87
- SHA1
  
  1718223db20fa1383aef308f76aa87bae002d662
- SHA256
  
  ffc7197524bf47757b756546e880c089875a549fddd20a5e1cef0d7e7b281c38
- SHA512
  
  b2a6d36f2456007748b2125233e9a7e0206948bd841eb444f029edcb2c171409b25d1108c2643385bf762d1c291b4265ce7d57003b2f266e1c6d07750d0fd574
- SSDEEP
  
  768:0QgdN5RyiUiK3IfJO37NwNGFFNWePDUirUif3IhBN6sEx:9Am
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy