Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1494601d2a...e4.vbs

windows7-x64

3

1494601d2a...e4.vbs

windows10-2004-x64

3

Analysis

  • max time kernel
    167s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1494601d2a69cddc7c76336c026080a422892711438a532447b7e22eaa30cde4.vbs

  • Size

    534B

  • MD5

    76da5805a167c985041e3e4153f88939

  • SHA1

    8c8e6732979e8da3bede00917d7c2022f0160ce4

  • SHA256

    1494601d2a69cddc7c76336c026080a422892711438a532447b7e22eaa30cde4

  • SHA512

    3a4b94c5d3f14fecbe360a5b9506bc25110ada3049834ab7dcb0c1fef83731d61e5d05e763623caa56319b053f79114a306fbba575ab106fc13bb939d42de7a1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1494601d2a69cddc7c76336c026080a422892711438a532447b7e22eaa30cde4.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.97dn.com/?tc
      2⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4916
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd838846f8,0x7ffd83884708,0x7ffd83884718
        3⤵
          PID:3228
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
          3⤵
            PID:2132
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1260
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
            3⤵
              PID:3060
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
              3⤵
                PID:1908
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
                3⤵
                  PID:4552
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
                  3⤵
                    PID:2232
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
                    3⤵
                      PID:4076
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 /prefetch:8
                      3⤵
                        PID:4224
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
                        3⤵
                          PID:644
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
                          3⤵
                            PID:3036
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 /prefetch:8
                            3⤵
                              PID:1040
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1436 /prefetch:1
                              3⤵
                                PID:4216
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10024034786387915542,232094308804179225,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
                                3⤵
                                  PID:2292
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.97wg.com/?tc
                                2⤵
                                • Suspicious use of WriteProcessMemory
                                PID:1536
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd838846f8,0x7ffd83884708,0x7ffd83884718
                                  3⤵
                                    PID:2768
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8811093651959248710,5178621378196273350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
                                    3⤵
                                      PID:2888
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8811093651959248710,5178621378196273350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
                                      3⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2172
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.wgxzb.net/?tc
                                    2⤵
                                      PID:2708
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd838846f8,0x7ffd83884708,0x7ffd83884718
                                        3⤵
                                          PID:852
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:3192

                                      Network

                                      MITRE ATT&CK Enterprise v6

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
                                        Filesize

                                        471B

                                        MD5

                                        d74f887f7a680d06f027478f34f8ef90

                                        SHA1

                                        69869cb5fabb9f3ea483e7e789ed885d3c131f40

                                        SHA256

                                        f106a7af863c23c035166502a840e95f549b40ba1eded37331d5b8b6ce860827

                                        SHA512

                                        79069de009e62222476d863780b92c7a09f2567c3b79ccc8aeb0591b7f07f01b711c6c16c903c41af9b31235bbd5394b07ef54c81a026afdcdf9dd7fdeb18e4a

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
                                        Filesize

                                        446B

                                        MD5

                                        0990013f7d6d685c07806d3e34f95ce3

                                        SHA1

                                        406adab177cdc9c05678f24ea0470514e65c50b0

                                        SHA256

                                        0fa7fcae36e8cde9c41f35a87c7e72215f2f35ff485e6645eae631d32318e45e

                                        SHA512

                                        ee7cd2a1d2de122cb353f96c7ac5bc509d6fd5ba225d32122d1a98cdc6276469b68f295273ce25470edb8c9c77f675ae4621149f8568fc6ef328c038e66ede77

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        d492567d4611438b2f936ddcaa9544ef

                                        SHA1

                                        ae88af380bbeb5e05a0446163a5434d70710f853

                                        SHA256

                                        0cba2ccfcfff09f076de767bf8df52485a8ac4b29cd3d14d53b23fdad2da3645

                                        SHA512

                                        150794b8598594ac00f827996e62d84b9331f1e35386e908485181204e823e8e5802fa543b53aca4d3046d176eaf4ee1dcb4df211589ea2fedac46170f162f48

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        18ad3a99cbd5ddc6b806e98374137f92

                                        SHA1

                                        03b6e4402a81fc0585430539a6d4a208b6ca9020

                                        SHA256

                                        b4f8afdb8ec7975ab4f4bff3a5c1fcab389dee2b9eb38b9603099d500457145f

                                        SHA512

                                        faabf3e957ee6516f8e66a1decfb2279e3923f63d0bc3f4f6aa5082b84feba57e48d0c631800b962567313b26d6cb92192a29eef6faf7b0be01894233b4929b0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        18ad3a99cbd5ddc6b806e98374137f92

                                        SHA1

                                        03b6e4402a81fc0585430539a6d4a208b6ca9020

                                        SHA256

                                        b4f8afdb8ec7975ab4f4bff3a5c1fcab389dee2b9eb38b9603099d500457145f

                                        SHA512

                                        faabf3e957ee6516f8e66a1decfb2279e3923f63d0bc3f4f6aa5082b84feba57e48d0c631800b962567313b26d6cb92192a29eef6faf7b0be01894233b4929b0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        18ad3a99cbd5ddc6b806e98374137f92

                                        SHA1

                                        03b6e4402a81fc0585430539a6d4a208b6ca9020

                                        SHA256

                                        b4f8afdb8ec7975ab4f4bff3a5c1fcab389dee2b9eb38b9603099d500457145f

                                        SHA512

                                        faabf3e957ee6516f8e66a1decfb2279e3923f63d0bc3f4f6aa5082b84feba57e48d0c631800b962567313b26d6cb92192a29eef6faf7b0be01894233b4929b0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        18ad3a99cbd5ddc6b806e98374137f92

                                        SHA1

                                        03b6e4402a81fc0585430539a6d4a208b6ca9020

                                        SHA256

                                        b4f8afdb8ec7975ab4f4bff3a5c1fcab389dee2b9eb38b9603099d500457145f

                                        SHA512

                                        faabf3e957ee6516f8e66a1decfb2279e3923f63d0bc3f4f6aa5082b84feba57e48d0c631800b962567313b26d6cb92192a29eef6faf7b0be01894233b4929b0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        2KB

                                        MD5

                                        33f42903763d7fa5ddfbd8a9e6d631a6

                                        SHA1

                                        00fee4242fc05ef437bdc2183254781f87dbc999

                                        SHA256

                                        80c638ecaf72bd91f42e2de58048ff36255ca60e1cd86ee80dfc42fd204f9ea7

                                        SHA512

                                        94d08ed1f2b7ccdc03ad2ee893bc090b81b936006ef759b93050376420b287077ba8ecfb4d11c757efb6cfdaab5b451839ce772de05f4265154dca57ace129e4

                                        Download Submit