General
Target: dbaf0103b94b49370b87cfdf0feb19811e3373da314b065d8068fab0bc003fde.vbs
Size: 25KB
Sample: 240608-b1hvsafc2z
MD5: e21aac072a10d80842d362743e1ffa59
SHA1: d8b3aeffe2eedc17e06bafecd26b603c6a8908b9
SHA256: dbaf0103b94b49370b87cfdf0feb19811e3373da314b065d8068fab0bc003fde
SHA512: 7046ea4afb9ce9b490bf4fd7f2db533bded2eefc88dc64a80809f5e7fef6d184b2259a15cb06f6f1ebb92dcbd1a9b5f8d471ae1201557d07075827ad2a7ffa78
SSDEEP: 384:r0Dk2uAnMKYHzkvaZGxeecfCPNPh7ZbIxUXGDZ6SMTXJ7pZXi7m4d4ud0oekM25z:r0o2/YHocW9ZUxa6K5i5B75aFzoWLv3K
Static task: static1
Behavioral task: behavioral1
Sample: dbaf0103b94b49370b87cfdf0feb19811e3373da314b065d8068fab0bc003fde.vbs
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: dbaf0103b94b49370b87cfdf0feb19811e3373da314b065d8068fab0bc003fde.vbs
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: dbaf0103b94b49370b87cfdf0feb19811e3373da314b065d8068fab0bc003fde.vbs
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext