General
Target: trigger.vbs
Size: 75B
Sample: 240524-v6qmcsdh69
MD5: 520a3ec50de35a52fe49b645b4af9a9e
SHA1: dc244939b8eedae3791b025a1780b9464ede5713
SHA256: cdea919cf913a1cb8aa9ef0dc263ddffaabafab4139b154af0cfa801c00fbfe8
SHA512: f15bd0410081fd396fb6ac2062f9507f155ebb4babcb604ab5acfd38e32dfeabb57fae4a3718b3c614b8f0dcc3bbb62af7fd1375e121050d36ce515ee400db60
Static task: static1
Behavioral task: behavioral1
  Sample: trigger.vbs
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: trigger.vbs
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: trigger.vbs
Score: 10/10
Modifies firewall policy service
Modifies security service
Registers new Print Monitor
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 2
    Windows Service: 2
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 2
    Windows Service: 2