General
- Target: 13082024_1650_patch_08_24_maroc_telecom.vbs
- Size: 85KB
- Sample: 240813-vcp4qsvepc
- MD5: 256ff7496d004c17a81294e45341a696
- SHA1: 45af0de886b8fc54cfd8acfd2b386a77bba63887
- SHA256: 295ef3832bb6ef89c93c39b62542be9f490b74a082c2b06955aa3351c3005002
- SHA512: b430b6da57b6937c9468cebee49f655b50fa11e3ed57c0c584d50b0d677119f5db2d893a1bcde422e8087af6a92f7aee03d26e3b14e8a3f4ed3ae9221f4a3ac3
- SSDEEP: 96:AF9Gmbz9Lz3a74Tbq2HY0UiAvSHLQV0gUiAvSHmnWLF:AF9GS9LzacThY0UiAvSrQV0gUiAvSxF
Static task: static1
Behavioral task: behavioral1
- Sample: 13082024_1650_patch_08_24_maroc_telecom.vbs
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 13082024_1650_patch_08_24_maroc_telecom.vbs
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Indicator Removal: Clear Persistence
  Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.
MITRE ATT&CK Enterprise v15 (technique, hit count)
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Indicator Removal (1)
  - Clear Persistence (1)
- Modify Registry (4)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)