61f681746ed31336dde667f4f68314291712fbb0d0df0f52d4919df5f94da088 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Goonscript.exe

windows7-x64

8

Goonscript.exe

windows10-2004-x64

8

Sharing

General

Target

Goonscript.exe
Size

6.9MB
Sample

240724-bl69tssgld
MD5

8bb727b07bc152ae905f3fb4ac0f2f76
SHA1

e0e5b8de9c0d72cfbcb8f097faa7fe09de17dba8
SHA256

61f681746ed31336dde667f4f68314291712fbb0d0df0f52d4919df5f94da088
SHA512

a05ef5971a9fbeba950425512e699e0cac0873a9b6b2efaae32ee7364bd0d014d3e2bcf698931763f2f06c3567d08987c092bb86d61dea0001bc683572540f0e
SSDEEP

98304:vAdMOtmUfXgtMR/31ppMwuRUS56WkhaYHkBYbUF6Hhsi/+GDRJ0ite5SKHrrMw+z:vUm44BjYHkBmU0sm70qiLLr7bae0vaK1

Score

8^/10

discovery evasion execution exploit

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Goonscript.exe

Resource

win7-20240704-en

discovery evasion execution exploit

windows7-x64

29 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Goonscript.exe

Resource

win10v2004-20240709-en

discovery evasion execution exploit

windows10-2004-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Goonscript.exe
- Size
  
  6.9MB
- MD5
  
  8bb727b07bc152ae905f3fb4ac0f2f76
- SHA1
  
  e0e5b8de9c0d72cfbcb8f097faa7fe09de17dba8
- SHA256
  
  61f681746ed31336dde667f4f68314291712fbb0d0df0f52d4919df5f94da088
- SHA512
  
  a05ef5971a9fbeba950425512e699e0cac0873a9b6b2efaae32ee7364bd0d014d3e2bcf698931763f2f06c3567d08987c092bb86d61dea0001bc683572540f0e
- SSDEEP
  
  98304:vAdMOtmUfXgtMR/31ppMwuRUS56WkhaYHkBYbUF6Hhsi/+GDRJ0ite5SKHrrMw+z:vUm44BjYHkBmU0sm70qiLLr7bae0vaK1
Score

8^/10

discovery evasion execution exploit
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecutionexploit

behavioral2

discoveryevasionexecutionexploit

© 2018-2025

Terms | Privacy