General

  • Target

    13082024_1650_patch_08_24_maroc_telecom.vbs

  • Size

    85KB

  • Sample

    240813-vcp4qsvepc

  • MD5

    256ff7496d004c17a81294e45341a696

  • SHA1

    45af0de886b8fc54cfd8acfd2b386a77bba63887

  • SHA256

    295ef3832bb6ef89c93c39b62542be9f490b74a082c2b06955aa3351c3005002

  • SHA512

    b430b6da57b6937c9468cebee49f655b50fa11e3ed57c0c584d50b0d677119f5db2d893a1bcde422e8087af6a92f7aee03d26e3b14e8a3f4ed3ae9221f4a3ac3

  • SSDEEP

    96:AF9Gmbz9Lz3a74Tbq2HY0UiAvSHLQV0gUiAvSHmnWLF:AF9GS9LzacThY0UiAvSrQV0gUiAvSxF

Malware Config

Targets

    • Target

      13082024_1650_patch_08_24_maroc_telecom.vbs

    • UAC bypass

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Adds Run key to start application

    • Indicator Removal: Clear Persistence

      Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.

MITRE ATT&CK Enterprise v15