Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
17/03/2023, 09:45
General
-
Target
Invoice No. 102220034.js
-
Size
363KB
-
MD5
1fa02948cc7fb485b2a599a5ed89ef34
-
SHA1
98737df996354ccfb4524b2e9df55f306f578a31
-
SHA256
9b900a34a52b2a9d16b777da88308c34dbddd6df39baa3d8aeee59edb2535838
-
SHA512
8e223e1310ef54a044f4b9e24d5654f5c1544ec5136a957ac1864b91ecaafab6d43f10e90b1a24e8d7451a700cf796707376d56c05679d1a3e55f35f43d0e435
-
SSDEEP
6144:GQBvd8uQFt6/MbvrIRr8xqhSYWZ3uh8Df9FPZtrnxj2roXmOfH7ojvVfmkg2jDk:NxyuQFt6/KIWJuh8nkOv7ehg
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe "C:\Users\Admin\AppData\Local\Temp\Invoice No. 102220034.js"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Java\jre7\bin\javaw.exe"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\xnkznoez.txt"2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
164KB
MD53834513023ec311a08f09b81a3b13fb8
SHA1cb2faf30e64be67532aa01a59480052a2438ded6
SHA2567b43f6ba187bf62f37f43374ef60808601cd187f5796e97458d15954f50c619b
SHA5127fbf3b5b180fc0427cd641810806ebbb0e6c8fb710faf15bbf579af9fa668ed8257ea011e27b73cf3921f0714c0ad82d1be3eed3729319396017592d5f6df859
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB