General

  • Target

    Request for Quotation MK FMHS.RFQ.10.24.vbs

  • Size

    29KB

  • Sample

    241015-h1jkms1fkc

  • MD5

    4e4a0cf55522747307400f46995c785c

  • SHA1

    6fba2e0b4fa0ada0c8d8a55a50b5e05e5a4668c1

  • SHA256

    08397cf6fd972e74c1be43021f5af0e60a031844b92d196b2e9f356e15eb4d12

  • SHA512

    71b1014af85207fa1e722238a10dc6511a01527eba1d75d3ce5ee166be83a704043772170572d659206f0f9e48ab56cdbcaedf979c42357a3f8dca3f83b8f174

  • SSDEEP

    384:e5vxs5Mrgr9603OFTxLasx9I98I5xyeQAB+4vkpz215y5aYPVit:e5vxM9TOFTUsxi8CyTXQLWtit

Score
8/10

Targets

    • Target

      Request for Quotation MK FMHS.RFQ.10.24.vbs

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2
