General

  • Target

    7dfd8643db03575d693bc1b869db804d.bin

  • Size

    13KB

  • Sample

    240202-bvhb3adabp

  • MD5

    6c55b807c6768d76a85967072952f7a1

  • SHA1

    6e2845c71a29c35d005ac4f718bb8769402c8f69

  • SHA256

    b8e48c5ea0ed4ffaeda18f0ac9044a5da59db2a703bb86f859b377240575a2ef

  • SHA512

    af15c10814b898dc8d1743d9a2a72d3d765f97dc746cb4bf482922e99f1a96e615df12090f8668938b4fd23dfa3aaf580613dc1eba8538ac3e37dc57bdbf8239

  • SSDEEP

    384:WA4FZIw4IZXy+c5ELUkIEywRFZh4RgWwxu3MxV0ZFj:WYqSCYFErB4Rwxu3MxUj

Score
8/10

Targets

    • Target

      1afa97a4a2c1d6bae74b4b76298b85de076a084bcee539b9503a3d4bd1d13016.vbs

    • Size

      27KB

    • MD5

      7dfd8643db03575d693bc1b869db804d

    • SHA1

      f4ac1dba10c97ea3d73ca06655bb59d12b6dda90

    • SHA256

      1afa97a4a2c1d6bae74b4b76298b85de076a084bcee539b9503a3d4bd1d13016

    • SHA512

      723acd7a90ae8ef21b581c950781067f48200e244531ce276f0c48c955d88a25b618b8ec07de0e3e8e719e7556186c63fd46cb5a22d430cc090d46d98a722f01

    • SSDEEP

      384:4TFS6TUL9BSzLsMUNQZK235QSKpZZnvggiQi1PLltwGRKCst:4Tg6T09B48NQZV35gyQipLlzRKR

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
