Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    script.vbs

  • Size

    784B

  • Sample

    241001-t7ytpatcrf

  • MD5

    6c620f860d8abeaa47f87a16cf10329d

  • SHA1

    eeb959357c4faac19f13c6fe3b11c80a90a5572a

  • SHA256

    a021d90ce67e2b7377f7cd6bdd4f2bfa24c9df1977e63c17f305855c28643946

  • SHA512

    2007c008c40ec23e21945bcc59d1c5ccd24800eef62e9e5327d324d9554d8478162bb74023d848092b4c6d0533c862d3f9c69f6e77bb1dbb8605e28e3e44c692

Malware Config

Targets

    • Target

      script.vbs

    • Size

      784B

    • MD5

      6c620f860d8abeaa47f87a16cf10329d

    • SHA1

      eeb959357c4faac19f13c6fe3b11c80a90a5572a

    • SHA256

      a021d90ce67e2b7377f7cd6bdd4f2bfa24c9df1977e63c17f305855c28643946

    • SHA512

      2007c008c40ec23e21945bcc59d1c5ccd24800eef62e9e5327d324d9554d8478162bb74023d848092b4c6d0533c862d3f9c69f6e77bb1dbb8605e28e3e44c692

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Network Share Discovery

      Attempt to gather information on host network.

    • Password Policy Discovery

      Attempt to access detailed information about the password policy used within an enterprise network.

MITRE ATT&CK Enterprise v15

Tasks