Overview
overview: 7
static: 1
brave.bat, windows7-x64: 1
brave.bat, windows10-2004-x64: 1
brave.ps1, windows7-x64: 1
brave.ps1, windows10-2004-x64: 1
brave.vbs, windows7-x64: 3
brave.vbs, windows10-2004-x64: 7
notepad.bat, windows7-x64: 1
notepad.bat, windows10-2004-x64: 1
notepad.ps1, windows7-x64: 1
notepad.ps1, windows10-2004-x64: 1
notepad.vbs, windows7-x64: 3
notepad.vbs, windows10-2004-x64: 7
Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/11/2023, 11:16
Static task: static1
Behavioral task behavioral1: sample brave.bat, resource win7-20231023-en
Behavioral task behavioral2: sample brave.bat, resource win10v2004-20231023-en
Behavioral task behavioral3: sample brave.ps1, resource win7-20231020-en
Behavioral task behavioral4: sample brave.ps1, resource win10v2004-20231023-en
Behavioral task behavioral5: sample brave.vbs, resource win7-20231023-en
Behavioral task behavioral6: sample brave.vbs, resource win10v2004-20231023-en
Behavioral task behavioral7: sample notepad.bat, resource win7-20231020-en
Behavioral task behavioral8: sample notepad.bat, resource win10v2004-20231023-en
Behavioral task behavioral9: sample notepad.ps1, resource win7-20231025-en
Behavioral task behavioral10: sample notepad.ps1, resource win10v2004-20231020-en
Behavioral task behavioral11: sample notepad.vbs, resource win7-20231020-en
Behavioral task behavioral12: sample notepad.vbs, resource win10v2004-20231023-en
General
Target: brave.vbs
Size: 4KB
MD5: b375f095bb00bcf3881929860a94c23b
SHA1: 166d303afd6ee436ff78ac5b31ce12b6bfd5dd36
SHA256: fa37cc67fae3dc9ec9e14f11c08b4b9f83749f465770bed54969e867f78715d6
SHA512: 6965ec1a64d911b9ef7298cb7f386d39a1c4fc105f0b0acb4f6cdf87d94d31af4208613047f7aa5d9275699854cd923feddb59f32b9131387609252ab09a45cc
SSDEEP: 48:/XmDGg/zzzzzzzzzzzzA8K9ht8Q4OmWBhJWDyCnveaF:qK9ht8QQWu79F
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation
  Process: WScript.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Runs net.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process      procid_target
  PID 4324 wrote to memory of 3456   4324  WScript.exe  83
  PID 4324 wrote to memory of 3456   4324  WScript.exe  83
  PID 3456 wrote to memory of 1064   3456  net.exe      85
  PID 3456 wrote to memory of 1064   3456  net.exe      85
Processes
- C:\Windows\System32\WScript.exe (PID: 4324)
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\brave.vbs"
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\net.exe (PID: 3456)
    "C:\Windows\System32\net.exe" session
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\net1.exe (PID: 1064)
      C:\Windows\system32\net1 session