Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
target.vbs
-
Size
828B
-
Sample
241002-dnezgatgqq
-
MD5
333ac8009978dfe4bc0e7ea72ad31289
-
SHA1
a8bc098f840e1b0faadb82d1087cf571e979a80d
-
SHA256
087315508cc43b632dae4750608cf107dfd454e2beacb03eeb4b43d013906d3d
-
SHA512
9a3886771f4b12576d9e155077b968b63932689a42e31e2d32642d6a9a46030e2157ea4da58bfddae5a6b37200174a990095e6f9776411a59f8b302fb7a42f9d
Malware Config
Targets
-
-
Target
target.vbs
-
Size
828B
-
MD5
333ac8009978dfe4bc0e7ea72ad31289
-
SHA1
a8bc098f840e1b0faadb82d1087cf571e979a80d
-
SHA256
087315508cc43b632dae4750608cf107dfd454e2beacb03eeb4b43d013906d3d
-
SHA512
9a3886771f4b12576d9e155077b968b63932689a42e31e2d32642d6a9a46030e2157ea4da58bfddae5a6b37200174a990095e6f9776411a59f8b302fb7a42f9d
Score9/10-
Renames multiple (869) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Network Share Discovery
Attempt to gather information on host network.
-
Password Policy Discovery
Attempt to access detailed information about the password policy used within an enterprise network.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1