Analysis
max time kernel: 145s
max time network: 43s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 22/03/2023, 07:01
Static task: static1
Behavioral task: behavioral1
Sample: Doc49870477302203.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Doc49870477302203.js
Resource: win10v2004-20230220-en
General
Target: Doc49870477302203.js
Size: 363KB
MD5: 92764f45d45e4df159ebd139e2c6619c
SHA1: 7ef9907dd1c4b29df121133f0c31d720d806d0b6
SHA256: 91bc3eed793940f46537c8690c61c496021d8e68bfb016d8d4c390eab8e0e4b7
SHA512: 33f49c8f3a16db9bd3de072055baeb8f6966aad82bbbfa5281a6a204ac49216c8bff6008b13f3cbee60e6b7d16d2609b35a18b99939f745a689cf55c6c14fae1
SSDEEP: 6144:GQrM9UP/tCo8jc9p2vrXoEyykCSghKHyi6NhPTstoHL:NTD+/Rkjmnio7Kor
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)

  | description | pid | Process | procid_target |
  | --- | --- | --- | --- |
  | PID 2032 wrote to memory of 944 | 2032 | wscript.exe | 28 |
  | PID 2032 wrote to memory of 944 | 2032 | wscript.exe | 28 |
  | PID 2032 wrote to memory of 944 | 2032 | wscript.exe | 28 |
Processes
- C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\Doc49870477302203.js
  PID: 2032
  Suspicious use of WriteProcessMemory
  - C:\Program Files\Java\jre7\bin\javaw.exe
    Command line: "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\bmjspzwfxn.txt"
    PID: 944
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 164KB
MD5: f02861314a99a6cd2995ac5e5313a855
SHA1: c4beec880e8e626d2c600db933165dd95581a339
SHA256: f1744458058b496f511390a9622b126bc74ae949392811a1b92ed6401f08dee6
SHA512: 92603940c2fbc73f6723284510a65d800904604ce2278d9d83985a725265225ce6ca85bf09712a5f528de45c779b2366034e4b8d393150648785585539ffec1b