Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

27fb410d5a...18.exe

windows7-x64

7

27fb410d5a...18.exe

windows10-2004-x64

7

$PLUGINSDIR/17561.vbs

windows7-x64

1

$PLUGINSDIR/17561.vbs

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/SkinH.dll

windows7-x64

5

$PLUGINSDIR/SkinH.dll

windows10-2004-x64

5

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/pcpc.vbs

windows7-x64

3

$PLUGINSDIR/pcpc.vbs

windows10-2004-x64

3

$PLUGINSDIR/run.vbs

windows7-x64

3

$PLUGINSDIR/run.vbs

windows10-2004-x64

7

$PLUGINSDI...��.exe

windows7-x64

3

$PLUGINSDI...��.exe

windows10-2004-x64

3

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDIR/Inetc.dll

windows7-x64

3

$PLUGINSDIR/Inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Shell/Norm...le.dll

windows7-x64

1

Shell/Norm...le.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    110s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/run.vbs

  • Size

    128B

  • MD5

    ef270d12f353b94df409fdf9e1dc7868

  • SHA1

    46531b1f2bae7a7cc6dccad524943c6dcecf9219

  • SHA256

    ab6539d229042f0e62871b4d5c8fa4900dd74f0d6b58ebf460649f872a5a24c1

  • SHA512

    04ff9b1476749e4d711b9609ee84db93f1802159a778b2710bce089d2b11f0b377044f6cbfd556091d788d06674034d4b55544ff5047ff2d2c02a4ae3db4f8d7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\run.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C C:\WINDOWS\del.bat
      2⤵
        PID:2540

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads