General

  • Target: 78c839524d9027043b84f28cae2b5d3f376f6318d29732ebc553a4a6595eff00.vbs
  • Size: 25KB
  • Sample: 240607-b9c1wsff7s
  • MD5: ecdc12be2020c1f7e5717bc672a55037
  • SHA1: f20edefa4b90096e9a6c3fa52c83a36f1d29c139
  • SHA256: 78c839524d9027043b84f28cae2b5d3f376f6318d29732ebc553a4a6595eff00
  • SHA512: 2478158edcdbdd9dab60fe942acc69465c8ecbf727cfc34180a3519380f40d789a9f0d726677014a313c074b9ef855028de7283da8dd7499e631355ba7bb8a76
  • SSDEEP: 384:Gxk2uAnx4nmWDO2xOoNfSWuEBINfPDlrqhqW8J8fIKy+j6YwZ/FPT:Gq20xDpdNaaBKfPhCqWNRy+j6PXT

Score: 8/10

Malware Config

Targets

    • Adds policy Run key to start application
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of NtCreateThreadExHideFromDebugger
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext
