General
- Target: 22082024110122082024waybilloriginalinvoiceblpackinglistshipment2208202400000pdf.7z
- Size: 66KB
- Sample: 240822-pcwcvswdqb
- MD5: eba9f676eb9e59df0ae484e5e247f04d
- SHA1: 9e52454ed4aebcfd543fad33f4abdd55e6f61327
- SHA256: d7d478e5d58684d5842ac05e5ca9f094266d5583aafc7ba280124d114943af89
- SHA512: b2149b3210d455987dfcd532e8405548eb8dbc86f1f05958d5c2f3faf0decaf7cccea42dac090d1208abf99471c8b8612ded44fe9a8f63288fa2474ef6353379
- SSDEEP: 1536:eS94LxNAlwsRtUuq2eHSSEK/tthddjiugGetCDTj06ixhhKSW9ubKY8:IxsRO/HX/ttDd8CDTjrixm9OB8
Static task: static1

Behavioral task: behavioral1
- Sample: waybill_original_invoice_bl_packing_list_shipment_22_08_2024_00000_pdf.vbs
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: waybill_original_invoice_bl_packing_list_shipment_22_08_2024_00000_pdf.vbs
- Resource: win10v2004-20240802-en
Malware Config

Targets
- Target: waybill_original_invoice_bl_packing_list_shipment_22_08_2024_00000_pdf.vbs
- Size: 134KB
- MD5: 597c7745de1949be25d9c4849aa11cb7
- SHA1: e2001dadfe1233b12c11b8cc1954f9183633a4fb
- SHA256: 31fc0e3296a248e9957c62e4060c92b895ca6ebb0a828e00ab7ef3608c498fb4
- SHA512: 7bb22bc64793ec32363fc409f38830fc101222239a4ee58a97cbfcc00d19a06a5da5a18c3eead92f04f5a3c52505bdb2883f542479858dc2b84653d96d28c2ce
- SSDEEP: 3072:FjGO63YDSdYB51Gy/ABuIWHwxoH0sHXaHb0bIkNTEx29Ojmplsz:NGO63WSdYB51Gy/quNHwaHdHqHb0bIko
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Detected Nirsoft tools
  Free utilities, often used by attackers, that can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Modify Registry (2)