Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

swift _ co...699.js

windows7-x64

3

swift _ co...699.js

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/03/2023, 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    swift _ copy168678689699.js

  • Size

    356KB

  • MD5

    d5e78c598c5cd83e6b82896dcabd665e

  • SHA1

    24877b354e0378bf350ddab24006e6a02773e2ec

  • SHA256

    5168f3064a0f58965109c158f0c6030b0c755064ab8f1462a611997da0e6730a

  • SHA512

    9205a3c37c743fd84da763379500797e4a2bb1c9fd905d34786a2fcb93fdc4c320bd6862870173eea766c00f34ab0731ddbd693cef6f4068da12864fe9d93c32

  • SSDEEP

    6144:GQqCe7DlgnirYAym5NCl1Z+qvjdg7EKHWg2xlI6ClynjXWHm4DihNDMhWxe4RveG:NzU8nZ+uLlI6937/DclsRtktXk

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\swift _ copy168678689699.js"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\regedit.exe
      "regedit.exe" "C:\Users\Admin\AppData\Local\Temp\ebgeaegdbdecaedfebace.reg"
      2⤵
      • Runs .reg file with regedit
      PID:3860
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\jdqwyxlxad.txt"
      2⤵
        PID:3348

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ebgeaegdbdecaedfebace.reg
      Filesize

      143B

      MD5

      0e5411d7ecba9a435afda71c6c39d8fd

      SHA1

      2d6812052bf7be1b5e213e1d813ae39faa07284c

      SHA256

      cb68d50df5817e51ec5b2f72893dc4c749bf3504519107e0a78dda84d55f09e2

      SHA512

      903ac6e5c8a12607af267b54bcbbedfa5542c5b4f7ea289ab7c6a32a424d5b846ae406d830cb4ad48e2b46f92c504163c0856af8c3e09685a8855f39f616ddb1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\jdqwyxlxad.txt
      Filesize

      164KB

      MD5

      a38a8c84ca9380e033bce578883e53eb

      SHA1

      3819e72452f4df494e73f0451753382407c65827

      SHA256

      72a590d7d30481cf2194cb4541dca53d7a58d237c067ab6466b685b82c491aba

      SHA512

      b0a17b026e402d80ce882ea4c036a730a545d0844eee740c35373b9b4f6d59e498bbb2a8af3b3335ee186129df43f31e7134627ce0e14e8bbc65d80e3e0b415a

      Download Submit

    • memory/3348-148-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-163-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-188-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-189-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-195-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-196-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-197-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-199-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-200-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-202-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-203-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-207-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-209-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-223-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-226-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-228-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-231-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-233-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-234-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3348-236-0x0000000000860000-0x0000000000861000-memory.dmp

      Filesize

      4KB

      Download