General
-
Target
INV_#501424.vbs
-
Size
156KB
-
Sample
240516-sy7jssbe53
-
MD5
0ea6d70981985cb750a71edfe0c89a00
-
SHA1
f1f9e60ea211836560ba99222769dcb31636d78d
-
SHA256
95c56959e33f8329d72526f00595a2d965d5b9953ddf4c17ba78e9de7ab4e40d
-
SHA512
7107125213d886f5fd6f987b31466a2f19b0f79d880cfc6ef77badc8fa094ea68180f18eda4c0f36cb277fcf43c701ede1a9c0c6c6b9dd44ce4753060e1b91ba
-
SSDEEP
1536:9zt+Qd99CObilCocEW1aJK66n5yhtW0/5JpWn4cRfz8Exg0BLbUZlu9gISsRk5:zJdA9JK6X/vcTg0BLcX
Static task
static1
Behavioral task
behavioral1
Sample
INV_#501424.vbs
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
INV_#501424.vbs
Resource
win10v2004-20240508-en
Malware Config
Extracted
xworm
3.1
216.250.253.35:7000
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
Target
INV_#501424.vbs
Score
10/10
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext