Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
run.vbs
-
Size
1KB
-
Sample
240630-qmezas1hmn
-
MD5
32fb13fef9f5adf8feae5d9b538c2ba9
-
SHA1
aebd08892d4698afee572d7a8fe71af2d3b23647
-
SHA256
29b918a9bb7c8c7f8a03f91f40e5739eaddf1c4ac03a72d3dbd078186638a369
-
SHA512
09968550b8dfe16649ce602debf2762b24f6ad5842a2826ce1c94d4ebe706b47a37372043d726366440d8d7c69510c1af1dd9e258be511c47f43fe193903163a
Static task
static1
Behavioral task
behavioral1
Sample
run.vbs
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
run.vbs
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
run.vbs
-
Size
1KB
-
MD5
32fb13fef9f5adf8feae5d9b538c2ba9
-
SHA1
aebd08892d4698afee572d7a8fe71af2d3b23647
-
SHA256
29b918a9bb7c8c7f8a03f91f40e5739eaddf1c4ac03a72d3dbd078186638a369
-
SHA512
09968550b8dfe16649ce602debf2762b24f6ad5842a2826ce1c94d4ebe706b47a37372043d726366440d8d7c69510c1af1dd9e258be511c47f43fe193903163a
Score8/10-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Modifies termsrv.dll
Commonly used to allow simultaneous RDP sessions.
-