Analysis

  • max time kernel
    1485s
  • max time network
    1510s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    25/06/2024, 19:27 UTC

General

  • Target

    virga_sim.vbs

  • Size

    8KB

  • MD5

    abfc83452621ad6ee2c369de90e50e73

  • SHA1

    692055e1b6261ab3f741e421b99a078e9873bd5a

  • SHA256

    ae59d36e53ec379202de90b7cea9d0b61e91e896555397fbdd7f395c56c80e9d

  • SHA512

    381581af3b259e7a155af493735aa5852718081004e511e6ef80c9b1d740241af1931889690d1c725ed4cc09eb44c84f53d38c90da2d90e43d253c2eeb0ab08e

  • SSDEEP

    96:WtYIOJAOwO6JpiPJr6TWLKRY/lqebulNxtZ0jFQELUWFwbSPCzPghKNugn/EAmAc:OXTJxOxOJRYaFtyWELPgKGYalyJqf6

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\virga_sim.vbs"
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    PID:3356

Network

  DNS lookups (all sent to 8.8.8.8:53; [US] is the geolocation flag shown by the report):

  • [US] 82.90.14.23.in-addr.arpa, request IN PTR; response IN PTR a23-14-90-82.deploy.static.akamaitechnologies.com
  • [US] 97.61.62.23.in-addr.arpa, request IN PTR; response IN PTR a23-62-61-97.deploy.static.akamaitechnologies.com
  • [US] tse1.mm.bing.net, request IN A; response IN CNAME mm-mm.bing.net.trafficmanager.net, IN CNAME ax-0001.ax-msedge.net, IN A 150.171.27.10, IN A 150.171.28.10
  • [US] 10.27.171.150.in-addr.arpa, request IN PTR; response empty
  • [US] 80.90.14.23.in-addr.arpa, request IN PTR; response IN PTR a23-14-90-80.deploy.static.akamaitechnologies.com
  • [US] 88.156.103.20.in-addr.arpa, request IN PTR; response empty
  • [US] ris.api.iris.microsoft.com, request IN A; response IN CNAME ris-prod.trafficmanager.net, IN CNAME asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com, IN A 20.234.120.54
  • [US] 55.36.223.20.in-addr.arpa, request IN PTR; response empty
  • [US] ctldl.windowsupdate.com, request IN A; response IN CNAME ctldl.windowsupdate.com.delivery.microsoft.com, IN CNAME wu-b-net.trafficmanager.net, IN CNAME download.windowsupdate.com.edgesuite.net, IN CNAME a767.dspw65.akamai.net, IN A 23.14.90.80, IN A 23.14.90.82
  • [US] ris.api.iris.microsoft.com, request IN A; response IN CNAME ris-prod.trafficmanager.net, IN CNAME asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com, IN A 20.234.120.54

  Connections (remote address, host, protocol, and the size and packet counters as shown by the report):

  • 20.42.73.27:443 | 322 B | 7
  • 23.62.61.97:443 | www.bing.com | tls | 1.8kB | 11.6kB | 23 | 17
  • 150.171.27.10:443 | tse1.mm.bing.net | tls | 1.6kB | 7.2kB | 17 | 15
  • 150.171.27.10:443 | tse1.mm.bing.net | tls | 1.6kB | 7.2kB | 17 | 15
  • 150.171.27.10:443 | tse1.mm.bing.net | tls | 1.6kB | 7.2kB | 17 | 15
  • 150.171.27.10:443 | tse1.mm.bing.net | tls | 142.7kB | 4.2MB | 3038 | 3030
  • 150.171.27.10:443 | tse1.mm.bing.net | tls | 1.6kB | 7.2kB | 17 | 14
  • 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | dns | 344 B | 727 B | 5 | 5
    DNS requests: 82.90.14.23.in-addr.arpa; 97.61.62.23.in-addr.arpa; tse1.mm.bing.net (response 150.171.27.10, 150.171.28.10); 10.27.171.150.in-addr.arpa; 80.90.14.23.in-addr.arpa
  • 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | dns | 356 B | 982 B | 5 | 5
    DNS requests: 88.156.103.20.in-addr.arpa; ris.api.iris.microsoft.com (response 20.234.120.54); 55.36.223.20.in-addr.arpa; ctldl.windowsupdate.com (response 23.14.90.80, 23.14.90.82); ris.api.iris.microsoft.com (response 20.234.120.54)

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
