Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2023, 11:16

General

  • Target

    brave.vbs

  • Size

    4KB

  • MD5

    b375f095bb00bcf3881929860a94c23b

  • SHA1

    166d303afd6ee436ff78ac5b31ce12b6bfd5dd36

  • SHA256

    fa37cc67fae3dc9ec9e14f11c08b4b9f83749f465770bed54969e867f78715d6

  • SHA512

    6965ec1a64d911b9ef7298cb7f386d39a1c4fc105f0b0acb4f6cdf87d94d31af4208613047f7aa5d9275699854cd923feddb59f32b9131387609252ab09a45cc

  • SSDEEP

    48:/XmDGg/zzzzzzzzzzzzA8K9ht8Q4OmWBhJWDyCnveaF:qK9ht8QQWu79F

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\brave.vbs"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4324
    • C:\Windows\System32\net.exe
      "C:\Windows\System32\net.exe" session
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3456
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 session
        3⤵
          PID:1064

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads