Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
22s -
max time network
23s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19/07/2024, 11:15
Errors
General
-
Target
script.vbs
-
Size
1KB
-
MD5
2dbbaf0e05557f73d94f363a03d69a46
-
SHA1
c5e5656f3c886d459db584ebcfba51a4b80e90ca
-
SHA256
1fc4c8e8e29b7a384f7201ab32a004d367168d7df40dbf75b3f89b64a7b26723
-
SHA512
beb56c77a4d9e7f43ae2fa21bd90ed0cc88d5b21eddcf973958c4831369c9a67f58b198374ec0c8ec08949b9fceba2874551f146412887c3b574f8a4dad0100b
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 50 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\ConfirmClose.ttf2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\DebugRevoke.jpe2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\desktop.ini2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\FindDebug.xps2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\FindReceive.ADTS2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\FormatSwitch.cab2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\GetResize.inf2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\GrantRegister.vsw2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\InstallConvertTo.mht2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\MountCompress.mpv22⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\MountLimit.jpeg2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\OpenUnprotect.vbs2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\OptimizeEdit.zip2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\PingJoin.ico2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\ProtectEnter.docm2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\RedoTrace.vsx2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\RegisterBackup.3gp2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\RegisterDeny.DVR2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\ResetImport.xlsx2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\RestartResolve.tiff2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\RestorePush.pub2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\SelectCheckpoint.ps12⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\SplitCopy.dib2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\UnregisterUpdate.ppsm2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c del/s/q C:\Users\Admin\Desktop\WatchUnregister.vsd2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roamings.vbs"1⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\tase.vbs"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" wininit2⤵
-
C:\Windows\system32\wininit.exe"C:\Windows\system32\wininit.exe"3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
39B
MD5683dfe35aa1dff3011f8c9ab4cbce03c
SHA10096ea14c6ae595a7b24ad7ca3a666ecedafcad8
SHA25631f19c00142e1d7fa6c153fb72b77a21a1c65899355362b961ba739e0ff5ba41
SHA512ec7773c60ea8881246f241b6ef76e8ce478a4afb578763275066cf046242c725b3ad33ce2adbdba81635087b219b9598c2c325b0d6c3818cec25dc8abf764cb1
-
Filesize
676B
MD5b571cf609f720ad0a79eda45635bb974
SHA1dc78241531a0f52fbbeac3ffa8ed57e34e79820e
SHA256fbfddaf321578f179fc4259362de5f69ced2cdfdc36541fd27dd298ad33f2768
SHA512e0627a43e90779aca60fba4b4875f9792cd3f0a8a81fa371779306f480d647a949c4a2c0202d85740dc7be432d620a2d2e773a1ebbc378cb56ef0265ab77dfa2
-
Filesize
1KB
MD56f06faf9b1d882d384779c40d3452990
SHA1cee630bd6732cc020eef4822e7d8fbdc7fa62b40
SHA256ae25d049bb82d29f1043f7c5f4d1a8ecd34e3c5641ca572b52ab5fb766925e13
SHA512f4e79092be55da72f8b1c80cc3efe5410e63a5b1cae9d32d840867ba769eb91e032dab12998b2fe3e5ebdec9bef9c1f0642c86b06b6b6f88f2efaf01c49dcdb4
-
Filesize
1KB
MD5f9f585b403caf34d5f3f21a4b6bbdac5
SHA15c52bc813c5d79b740f04bb9519287316e337426
SHA256702b36c1497f84ddcce45c987737bdc96f1df2d598cb74d98fdefbe44a4c8468
SHA51270c5082199810f62ea91f4490dd3b2bf6a07ca1e1895de87bb9e5c5dc50fc993ab2ddc05b47b3a6d8a4b77783622a37a9ce8c5f24bda72ef78d433552b58d89b
-
Filesize
1KB
MD5b57b7d02ac7f487f046a5590af649ec0
SHA162c87bd0477455b07269352056975ff4c928fedb
SHA2569672a0ff7f5f32664e14213ab20f1dc8795cb47c099d6112387cd5a38e6f88f4
SHA51242b09d1345e04542bb8ece753d1ca0edfda5adb60b665972bdf26b0709a151aca18b206dbb891b86aaa008486f14bdc15bc300221514d828ead7b5c587b57042
-
Filesize
1KB
MD5ac54bb6b15ecd1124cfd5fb79ccf790a
SHA1e8f77af1d757ddeff4d953b40f961d5c7148964b
SHA256c3f41daec9d697f3a920891fe1bf3173c2a64008e41d58e4efaf8be59d55ba4d
SHA5125714bfcd7f5123161ad6018410c128d0816a4cf5cec322f6ab1f3a9c39eeaddf86eaafca1e557e5c4cde089b8d6d45f7ab35e0310c9fe61381d189c67bef4d20
-
Filesize
1KB
MD5f306594a6d30a137f81bbd13720228ab
SHA1f8c7922e9b4c04ec4318ab90ecf9d7c833a51bf2
SHA2567159c8d42ac6d5012302b60d60888b3c3ceae97e9e97757bdeedc9f52361481c
SHA51216450c32a8ecfd2f0de5364427cd1c48139022a134e68e040e01364eb6df5664cd648ae5b7ebabd0639e363fce606f89adc8a4482700b81d47231a25343a00b9
-
Filesize
1KB
MD5128d7a6d7aa96e1f7cebc4feb9e28d0b
SHA1893f9d7cae6a17af5c0bccd84420e5dc5366a703
SHA256ac2564fa6d6d167328e45e4cd418882e2eb2ae21ecbf70eeda173b1250fd5e8d
SHA512c2702cc547c659aa1cfe31cc399f85d085a3496477257cd3772f2c1aef050ecb0023c23c0679c38786fa2d36c2dbd548274ab72bb4e5d7b35cdbf1614d97b518
-
Filesize
1KB
MD527ce1b82be4cda0e7afcde944b6fd916
SHA1a3821ac26ee5f6cdf4388ad617e3ea29a7f27e2f
SHA2567139e4ef16b558c4d4400e15363856b668c27a1b499411fc143386feb39b6482
SHA51213e85ed5d4761af4c1c0eff569fc5bf86070460ecefe401f104d161de1434f16018ebd7230b6f5b159fb899b436c1bab96d5a913d50f4510ac0e2dc4fdb5cadb
-
Filesize
1KB
MD5f5175e010a6c39066cdb45a098e517b2
SHA136e4ab833c8ddeb1951a4fbe12ee6808c09f2d32
SHA256205ba45acaa36aa36d75a99b15c3f2f681668ee5ba8a0b3d536b3acd1c0634af
SHA512aa843e024598237bd00b37a4b680f7d7176ff4ea7a90295c66fbef488876ae00dd9d7f415612acb507ca1302aff6a2c5c329374c96602ac907e473c6b90c0ec9
-
Filesize
1KB
MD5db490fda7a2b20bfd9be7004088a82a9
SHA1d823141a5ca5231f3792412d0a985323d1339fbd
SHA256901422103cb6464acdfddd90772f666a4868744a1f0c029a939f006628aae86e
SHA512f6fe1d6432ff72506f032b20826a815e4a9e9eb42fd8ecc6bbe8766b437b399851f631c747136c0dd3d56ab1105dc9f9ffb5309a71f4afa6f287a126054a74b2
-
Filesize
1KB
MD51709b1e0016449db2cd5690ed8a47c13
SHA1619454258b5b1144fbcbb1a7cd9f9705b7823724
SHA2569edfdc99d2ebbce5c0ea5003d7372e893a43df9147900d51826ef6d42ee32355
SHA5122b1c8a81e823eeb2775c953f2b2da3adbc5bc5f11be5287fb4be4b9925134a0269c00697f7e29906946876be98d1f4b7c8eddb5ff627895d6d895553e44e9982
-
Filesize
1KB
MD59c8bbdb1740884b4559c1cf9cd3e54b1
SHA1c74a6f43d03733fcaa9d27d7a622c5fd32933086
SHA2566d40bb9d1a22a81464f09cf83ae0f1791e9168ede99b013aae88197fb435bf37
SHA512a1b94ead88dcc18b4255741cd787dea378bfd5315a560aa0140f2fd51849fc88da070c067a0f41c1ba6c0d46c0f4a69571db982cb165b9a3f7877d40cb4332ca
-
Filesize
1KB
MD5dbe89d73755a05f885b2e95a962089e0
SHA1912323e98ae5dd99d8acd4359485a39bb439ef2e
SHA256b7b62209e4098344ce95c732c2fe9ae0103e261b5abe1833cdcb69fb10996f57
SHA51292980a88783bd8f39a3fdd629338add704cd4ca7e07168dfc813f4bf9b9be009858eb6a1b6cc08064689221fd4d733045ac13d0d6ac0b22a170c41d3d64c0ae4
-
Filesize
1KB
MD51bb8c5fe1c00a2824fdcf13bf67244bb
SHA101cb3faf96a22bbce17d8a723feead14d7544200
SHA256a6160543240f1f6e3eac9fbd8ba13c9b5afb27839ea655ab8ae7d50a8aaf60d3
SHA51279c2a409abcef01bfd50f00dce45dfee85c2a237dae84fe636deefda6cde3282ff15ed5e18850500726334c5a04be63c8b259e14daa75dd32c97c2721325df07
-
Filesize
1KB
MD522865f2ded37c56e11c05a1d77cb3b9f
SHA1b967d1e10b219679a52e599fdbf07911a484b4ae
SHA25616601599d96a7ac615b4e69308f2778f17dbd00a1c07e5f01ff24f952b6d1238
SHA512fb72dc7a062f51ee70c66c5c45f20257de93629c61519d89789fb7d02c9262decfe9c7bd82a9de954f0cd6599b1fcfaff7f6797e9e16a019c571b334c4aac30a
-
Filesize
1KB
MD516630301fea894344742b6daad216dba
SHA16649fce81a5f9888fd2c8ab9e5f26f8f79ad5829
SHA256e9c2b448229df6090e6457a4133798ed4ebb3430ddbae339f8d2c11213e6a338
SHA512ce56156be9ef735c9eeaf8beab1db7ca414ab7869a6176a53e4c4d74a78dc6247c2641cb4cccdccf3519c627783ef53373453da9d154b7b0f8f9adb2fb4ae601
-
Filesize
1KB
MD50f49f815d84b220ef8f8e198c7fd286b
SHA18753c993eca29db5dfd4f3f753eb13710c1e255c
SHA256340085658056c5e041d7f1a9cc3b16027651de2cf935bb5c106d7822b01cd9fe
SHA512324bd58e65f0e9440d9c272817d723f442154140b333d769022b79ba743e805c515791e93778fe45f451ce119da086487f2252712fe4f17563815a9e3f090f73
-
Filesize
1KB
MD5b08d5178126b4fac5a0b69f3a666c148
SHA160271d45ba589bba6212aeb97245eafb7ffdbafe
SHA25626a07f86f189a1fd0587164a3d076e4b899b49b05afabba76e4bd3977c2a6552
SHA512d81b03e82d3cb6031b36edb514faad51117e8db6a3c8eb656a0c36f5adea7f2e740a57b02e1395921c4e69889c9e572eb0230c19c8d9618c0e721f35a88ae0ea
-
Filesize
1KB
MD5411a05e412889c475a1df5be2ea32809
SHA1c85b34d37727f4075fe1925b419ed7f9f6225956
SHA256468e6e269ee387e7416457106b142fdc8b8087f0b72c4c5776da35f6bb9bc8ed
SHA51277bbf281ef03735ef20275aebfeb0ece9648b58814f4ebd8e1577f34e686114d5a07ed68d3005209a0733add3b5d092bcfb91fa44b15972082e4a149c60ae750
-
Filesize
1KB
MD5606eaa0c3dbdd01dd2248cff0257e428
SHA1dab28c303473bc7669b98edb142e9c96937d10f6
SHA25694401773adafa162dea5f1c659f7bdd36c2ea34dd7e57a41aababbfafeb9a2e5
SHA512b9441119b68ef12022dcf59974211b3a4ef15c37879cf19b9361b64fa1e6744d86175bc1cec517fe9833452159cb940300569f410f7a4c3c76cb20b7c69cc02a
-
Filesize
136KB