General

  • Target

    run.vbs

  • Size

    39B

  • Sample

    240511-jcxb9sgd82

  • MD5

    5573976182c18cae011af2f606551ac6

  • SHA1

    4298a86a1011f3ecbbfb6572d191c2c3c074d89c

  • SHA256

    aa461f4ff6011b564528c474fa23055b9b0f9f0bf3bfa0402ddf3812f6ff7e80

  • SHA512

    4ee0b39331b379bb895df351582578562ac5ea2974c1d524c911cef19573ebe8f634f2746af4c3397f55e10c602103b25cffa76dc7754f8351afbb421b3b8db6

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
