Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

E_receipt.vbs

windows7-x64

10

E_receipt.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d6c42166e11a471b6c38d717461f566a183d5e1cd0264f84ec85a1ffedb1db84.unknown

  • Size

    1KB

  • Sample

    241009-wnqebavekf

  • MD5

    8d99e1d348c5f8fad79cc5f4ea2a3904

  • SHA1

    64eaa7a6972edf7473d7d3a605d054f0476a2429

  • SHA256

    d6c42166e11a471b6c38d717461f566a183d5e1cd0264f84ec85a1ffedb1db84

  • SHA512

    677e9d4a550f64cdf921d3c422cf7195915597f4738ca24ccd9bfd10535cdec937b0fd80eba1f17273d9ec318c3ae09850dc651ea0d3785cb2910458aebe0194

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
exe.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Targets

    • Target

      E_receipt.vbs

    • Size

      3KB

    • MD5

      1f7229b717e61580e9baf2830ee7afd0

    • SHA1

      98ade23ab27475f6d62f97a45b76b247075ff421

    • SHA256

      fa4cc3e867b36269dab9161f078565ff9048ac55ea6dccb8a39b5e156009eabf

    • SHA512

      ed233c408b5e7f6948756ff6a7585733055de3ccb3b0408aed31b543a5da722f5e0de949cce3fef1dc22be07aa481205efd5aa2c99959195b3c6ed758e7715f3

    Score
    10/10
    execution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks