General

  • Target: b5265d1c46a8ba04c8e10b35461ec00876119de4ca1b2e4a0a5bb3b973cc0b8f
  • Size: 63KB
  • Sample: 250328-k96gwawl18
  • MD5: f12b239cc8ce0003b613cdecdd364143
  • SHA1: b512673c2e8df9efc3c5f614c3be8316644777a1
  • SHA256: b5265d1c46a8ba04c8e10b35461ec00876119de4ca1b2e4a0a5bb3b973cc0b8f
  • SHA512: a3c4f86e49f4058f26b72ca68a3c93ace68966b292c8261ae5d17d00f6ebe3ac5d0b0934f82326939a4067d4df34e118cd2261d573e51b900e8af633eb4162e2
  • SSDEEP: 1536:BeszBPRb/HBSX0BxQXfT8k4dfn+Cpa/cBBc87:BeIB/HBoJb8k4cMr

Malware Config

Targets

    • Target: Sontheimer Proforma invoice.vbs
    • Size: 182KB
    • MD5: beaf990fccbf28017a6e72ec92efeb43
    • SHA1: 4a9d9dbe2bdf4736cfc8f81c792e6d7c6cb7f1e7
    • SHA256: 2440d2269a8723ad47733885b1d51745828fa12710b6c3d3fad11d3010f7a89f
    • SHA512: d7d5927648778a02b3b0320f714eba68ecfde4c80eccf699752b76f62404c58917809e9ca882f2d602068bdcaa9734fa1c707a1f6aea2c18b7c441641953de09
    • SSDEEP: 3072:69xHo0x7TLFPZZNV8wIxjdVHKp2DNjSElqHfhPy9iwb:69VxLhZV8wIxhVG0N8Hfe

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks