Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

870be08f46...71.vbs

windows7-x64

10

870be08f46...71.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371.zip

  • Size

    1.7MB

  • Sample

    240911-n2hydsydqj

  • MD5

    19ba7a6c9917ad616873b47453fdf4c2

  • SHA1

    1abb611a81535a0d27958c8ee2c3f2744f0ffdb4

  • SHA256

    2de688735caaaff53236896a834ff7ae39b0e22da08bf459d0954b54d61ca692

  • SHA512

    c70b8819eeaff625095980f693f451ede5a690562e8e2c8bf9610ff91d90047d2ea452b1ef0816de3607b529a14a48a0487bfe75961a0d228d0732c8f281ad4f

  • SSDEEP

    49152:iBDko5Z4g7oGNdwA10BJM4iDus3M3erA3Jsb:kDJ5noGNf8W4nsWZ3Kb

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371.vbs

    • Size

      2.4MB

    • MD5

      bd7a77c470549aad52435b8b7b785c36

    • SHA1

      b18ff781161ff4c4bb3e91825053bed3d280ed20

    • SHA256

      870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371

    • SHA512

      7217805ec612b984672c4cd498b0cc3d8e9cc463fab70bef0fdd96276f1fe93425e03777999c266a876161444699bb09738d2b19154b378316af6118cc48445a

    • SSDEEP

      49152:xBy7kDIlpNx0KQTuJlDl7QVqXhmfOUJ3bapil:a1o

    Score
    10/10
    discoverypersistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks