General
Target: Goonscript.exe
Size: 6.9MB
Sample: 240724-bl69tssgld
MD5: 8bb727b07bc152ae905f3fb4ac0f2f76
SHA1: e0e5b8de9c0d72cfbcb8f097faa7fe09de17dba8
SHA256: 61f681746ed31336dde667f4f68314291712fbb0d0df0f52d4919df5f94da088
SHA512: a05ef5971a9fbeba950425512e699e0cac0873a9b6b2efaae32ee7364bd0d014d3e2bcf698931763f2f06c3567d08987c092bb86d61dea0001bc683572540f0e
SSDEEP: 98304:vAdMOtmUfXgtMR/31ppMwuRUS56WkhaYHkBYbUF6Hhsi/+GDRJ0ite5SKHrrMw+z:vUm44BjYHkBmU0sm70qiLLr7bae0vaK1
Static task: static1
Behavioral task: behavioral1
Sample: Goonscript.exe
Resource: win7-20240704-en
Malware Config
Targets
Target: Goonscript.exe
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Disables Task Manager via registry modification

Possible privilege escalation attempt

Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory

MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Defense Evasion
  File and Directory Permissions Modification (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)