Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
18/10/2022, 18:09
221018-wrfz2sghbn 817/10/2022, 19:36
221017-ybehdsdafk 814/10/2022, 20:42
221014-zhfvgaedb6 814/10/2022, 20:26
221014-y729bsech2 8Analysis
-
max time kernel
273s -
max time network
191s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
18/10/2022, 18:09
General
-
Target
JsSample.js
-
Size
67KB
-
MD5
c98cc414b7864a85adbc80ba22fb4a6e
-
SHA1
5bd51af7cb17ace046cd550ebab510edeec1c7e6
-
SHA256
22abdd10ff3c59e964da9dad771af09be87ac85719b0702ff63ddd5f2fbc3b94
-
SHA512
0924c3751c1955423b41ed8c5ce5d149dc247d2ed03860e39d5ca10c6ca1319cba93ddafb83a5b1b2fc0cf8d51cecea4c886317b31e6277dec86bf7fac3e00e8
-
SSDEEP
1536:n4YlV2fwId2Nte9W2ZtrUNvTJnCv13TuAP1J9EnAwaUX:mfwId2eW2ZCdNCX8aUX
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Script User-Agent 3 IoCs
Uses user-agent string associated with script host/environment.
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\JsSample.js1⤵
- Blocklisted process makes network request
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\System32\Notepad.exe"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Local\Temp\JsSample.js1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\JsSample.js"1⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\JsSample.js"1⤵
-
C:\Windows\System32\CScript.exe"C:\Windows\System32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\JsSample.js"1⤵