Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
run.vbs
-
Size
39B
-
Sample
240511-jcxb9sgd82
-
MD5
5573976182c18cae011af2f606551ac6
-
SHA1
4298a86a1011f3ecbbfb6572d191c2c3c074d89c
-
SHA256
aa461f4ff6011b564528c474fa23055b9b0f9f0bf3bfa0402ddf3812f6ff7e80
-
SHA512
4ee0b39331b379bb895df351582578562ac5ea2974c1d524c911cef19573ebe8f634f2746af4c3397f55e10c602103b25cffa76dc7754f8351afbb421b3b8db6
Static task
static1
Behavioral task
behavioral1
Sample
run.vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
run.vbs
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
run.vbs
-
Size
39B
-
MD5
5573976182c18cae011af2f606551ac6
-
SHA1
4298a86a1011f3ecbbfb6572d191c2c3c074d89c
-
SHA256
aa461f4ff6011b564528c474fa23055b9b0f9f0bf3bfa0402ddf3812f6ff7e80
-
SHA512
4ee0b39331b379bb895df351582578562ac5ea2974c1d524c911cef19573ebe8f634f2746af4c3397f55e10c602103b25cffa76dc7754f8351afbb421b3b8db6
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1