Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
script.vbs
-
Size
784B
-
Sample
241001-t7ytpatcrf
-
MD5
6c620f860d8abeaa47f87a16cf10329d
-
SHA1
eeb959357c4faac19f13c6fe3b11c80a90a5572a
-
SHA256
a021d90ce67e2b7377f7cd6bdd4f2bfa24c9df1977e63c17f305855c28643946
-
SHA512
2007c008c40ec23e21945bcc59d1c5ccd24800eef62e9e5327d324d9554d8478162bb74023d848092b4c6d0533c862d3f9c69f6e77bb1dbb8605e28e3e44c692
Malware Config
Targets
-
-
Target
script.vbs
-
Size
784B
-
MD5
6c620f860d8abeaa47f87a16cf10329d
-
SHA1
eeb959357c4faac19f13c6fe3b11c80a90a5572a
-
SHA256
a021d90ce67e2b7377f7cd6bdd4f2bfa24c9df1977e63c17f305855c28643946
-
SHA512
2007c008c40ec23e21945bcc59d1c5ccd24800eef62e9e5327d324d9554d8478162bb74023d848092b4c6d0533c862d3f9c69f6e77bb1dbb8605e28e3e44c692
Score8/10-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Network Share Discovery
Attempt to gather information on host network.
-
Password Policy Discovery
Attempt to access detailed information about the password policy used within an enterprise network.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Network Share Discovery
1Password Policy Discovery
1Query Registry
1System Information Discovery
2System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1