Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

PIC114110.jpg.js

windows7_x64

10

PIC114110.jpg.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PIC114110.jpg.js.zip.zip

  • Size

    15KB

  • Sample

    200708-byhr358qfa

  • MD5

    760ce8ff4c4588332649f5cddfd63f8e

  • SHA1

    11510807c53decae17fa640034d59b3050afe39f

  • SHA256

    2751cbc55a5b05e93f1cf3bc5e08b5034c12ca1f7d3f377e5845fe3837655928

  • SHA512

    019a3bf835154d9d2d74a6adc2af0efead42860527cb434e00ea36549379da314a865d363d16be002b7c0ea406dcc82df0c04afdd68ff714869306a68a04d606

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://217.8.117.63/tstjs.exe

Targets

    • Target

      PIC114110.jpg.js

    • Size

      83KB

    • MD5

      821a6c3122354612133a542992bab324

    • SHA1

      efdbbf3dbeed7f53ccf2b73d7afcc6d16c8ca320

    • SHA256

      370dbeca970b02f6c1a07803c736de0fa30a40851f7a21178eb0bdaa16af61ab

    • SHA512

      6474f350bf4790a681677400019d2540d75468d307535a73f296acb3792fb8b19e14140c6b0ad712cd91d493fdeea59048117d07853f2d6c6f189a906a17dc46

    Score
    10/10
    persistenceevasiontrojanransomware

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Enumerates connected drives

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks