Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    96s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2024, 14:12

General

  • Target

    file.vbs

  • Size

    561B

  • MD5

    db61fb8acb8e3cda1942e9ded99d8ba8

  • SHA1

    f8495b7a9d23d48a10b9ce10442544a7824642e1

  • SHA256

    1ff5e36a587225e3f74f4b51ef29164a2e3807a32183a18eba9261a69c093634

  • SHA512

    82e74cf57ea89bedbdccd6991c09cb5edcfd38d5f9a5ef0ed85906fab9716e10626132592da67c2f268bce2311e56835803a71337123ddd7891d5028e194a2f4

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\file.vbs"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    PID:1892
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4a0 0x498
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    64KB

    MD5

    987a07b978cfe12e4ce45e513ef86619

    SHA1

    22eec9a9b2e83ad33bedc59e3205f86590b7d40c

    SHA256

    f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

    SHA512

    39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b