Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
vanta.py
-
Size
73KB
-
Sample
240903-2yl3jazbpk
-
MD5
5794e56a34e5b59f7c0e67d0058ca697
-
SHA1
d0e41e977493589c35a5075f214c9f1b69cd7d9b
-
SHA256
c79d1c897cf094c2ec43c9a76ebc7139c8ec7ac95775bf0c392116c754847562
-
SHA512
63e7f7855108fc4da72854985cde3b321368e47ec2edeb0775dfb9e5464e01254c5622c0cf6657426319a938d67ae5418ecfba8d141e20ea8b2e9afb0eaa9bc9
-
SSDEEP
1536:vPrFTlCF3DhoUfVYo85GzCOr8nIVqd3ua93:vTQqU9RzCC8nTd3ua93
Static task
static1
Behavioral task
behavioral1
Sample
vanta.py
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
vanta.py
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
vanta.py
-
Size
73KB
-
MD5
5794e56a34e5b59f7c0e67d0058ca697
-
SHA1
d0e41e977493589c35a5075f214c9f1b69cd7d9b
-
SHA256
c79d1c897cf094c2ec43c9a76ebc7139c8ec7ac95775bf0c392116c754847562
-
SHA512
63e7f7855108fc4da72854985cde3b321368e47ec2edeb0775dfb9e5464e01254c5622c0cf6657426319a938d67ae5418ecfba8d141e20ea8b2e9afb0eaa9bc9
-
SSDEEP
1536:vPrFTlCF3DhoUfVYo85GzCOr8nIVqd3ua93:vTQqU9RzCC8nTd3ua93
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-