Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Scribe_4.10.5.msi

windows7-x64

6

Scribe_4.10.5.msi

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scribe_4.10.5.msi

  • Size

    81.8MB

  • Sample

    241009-w78d8s1erk

  • MD5

    010394b91ce56a6835ba9f69375d7f81

  • SHA1

    56cbb6c0e22b69e9f4a14ee16106a090ec75b4b1

  • SHA256

    392062387237180f947774e21e0b154d46155416a7a81e780f0c79664cb9b570

  • SHA512

    35986e0afb5016ab48477c296c1136e13cfec8cf45eb8d35d56ee7df463f8e13e7888861ce7e5e27a3fdaf31e64e6da8d12ae9b8e421e7ab1fcda9f6aca7098f

  • SSDEEP

    1572864:kd8rwbiwRUE9g4rc636T/zCRHZ/DYdqgMtsBkmGFjXeYPtUyqSO:kuwbitognS6Tmld1nC9G1XeYg

Score
8/10
discoveryexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Scribe_4.10.5.msi

    • Size

      81.8MB

    • MD5

      010394b91ce56a6835ba9f69375d7f81

    • SHA1

      56cbb6c0e22b69e9f4a14ee16106a090ec75b4b1

    • SHA256

      392062387237180f947774e21e0b154d46155416a7a81e780f0c79664cb9b570

    • SHA512

      35986e0afb5016ab48477c296c1136e13cfec8cf45eb8d35d56ee7df463f8e13e7888861ce7e5e27a3fdaf31e64e6da8d12ae9b8e421e7ab1fcda9f6aca7098f

    • SSDEEP

      1572864:kd8rwbiwRUE9g4rc636T/zCRHZ/DYdqgMtsBkmGFjXeYPtUyqSO:kuwbitognS6Tmld1nC9G1XeYg

    Score
    8/10
    discoveryexecutionpersistenceprivilege_escalation

    • Creates new service(s)

      persistenceexecution

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Installer Packages

1
T1546.016

Defense Evasion

Modify Registry

1
T1112

System Binary Proxy Execution

1
T1218

Msiexec

1
T1218.007

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks