c79d1c897cf094c2ec43c9a76ebc7139c8ec7ac95775bf0c392116c754847562 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

vanta.py

windows7-x64

3

vanta.py

windows10-2004-x64

8

Sharing

General

Target

vanta.py
Size

73KB
Sample

240903-2yl3jazbpk
MD5

5794e56a34e5b59f7c0e67d0058ca697
SHA1

d0e41e977493589c35a5075f214c9f1b69cd7d9b
SHA256

c79d1c897cf094c2ec43c9a76ebc7139c8ec7ac95775bf0c392116c754847562
SHA512

63e7f7855108fc4da72854985cde3b321368e47ec2edeb0775dfb9e5464e01254c5622c0cf6657426319a938d67ae5418ecfba8d141e20ea8b2e9afb0eaa9bc9
SSDEEP

1536:vPrFTlCF3DhoUfVYo85GzCOr8nIVqd3ua93:vTQqU9RzCC8nTd3ua93

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

vanta.py

Resource

win7-20240729-en

windows7-x64

4 signatures

1800 seconds

Behavioral task

behavioral2

Sample

vanta.py

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation

windows10-2004-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  vanta.py
- Size
  
  73KB
- MD5
  
  5794e56a34e5b59f7c0e67d0058ca697
- SHA1
  
  d0e41e977493589c35a5075f214c9f1b69cd7d9b
- SHA256
  
  c79d1c897cf094c2ec43c9a76ebc7139c8ec7ac95775bf0c392116c754847562
- SHA512
  
  63e7f7855108fc4da72854985cde3b321368e47ec2edeb0775dfb9e5464e01254c5622c0cf6657426319a938d67ae5418ecfba8d141e20ea8b2e9afb0eaa9bc9
- SSDEEP
  
  1536:vPrFTlCF3DhoUfVYo85GzCOr8nIVqd3ua93:vTQqU9RzCC8nTd3ua93
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy