General
Target: f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e.vbs
Size: 94KB
Sample: 240614-cktssavgjq
MD5: 66c0c207765523294187befd66a47dc2
SHA1: cfd79ed6d1aec979057765627f26bf8f417dfcba
SHA256: f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e
SHA512: dbb383db3fe021c8832cdffe346ec91bc8a79102ff101aad10bfdd21b3d04638c371a384620928c61024ad84d3ea08c55d70c435c68dc04e025b59919b5d58ec
SSDEEP: 384:Q/dszVk6cjlJgyjlJAGB87K5NznC7Ol8EJ82I:5zVgfvjl0Wuzg82I
Static task: static1
Behavioral task: behavioral1
Sample: f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e.vbs
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e.vbs
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: f2061ea9095fd5505fd3812502961c20f5c32b3452b35450728a9f3e0bdbae4e.vbs
Score: 8/10
Adds policy Run key to start application
Blocklisted process makes network request
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext