Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

002207799.wsf

windows7-x64

10

002207799.wsf

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2023, 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    002207799.wsf

  • Size

    79KB

  • MD5

    06cfea33119286aeed8b6319d6ea344c

  • SHA1

    3f9e95f9cbbe99e8edadabc3a26aaf0ba1fda74d

  • SHA256

    e0337ebd14f0c75c94819081268d808982078b9b68151b83ba5c1e8a493f3c0b

  • SHA512

    22d3818ed7be01ba04e4b2c238ec4ddb3ee1c9b12bba67527c94903736b14a05c709c85e4cd43feb728f91bb067a0539088fe11ff6273665f0fe053b23121c0f

  • SSDEEP

    1536:Hh1k2UjmwLzl0j+3DbdjI6MGWD+vMdMRM9lDC4:Hh1k2izuybyyo+VqlDC4

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 9 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\002207799.wsf"
    1⤵
    • Blocklisted process makes network request
    PID:1736
  • C:\Windows\system32\conhost.exe
    conhost.exe rundll32.exe C:\Users\Public\aFNXhYmvnKokC9.dat,bind
    1⤵
    • Process spawned unexpected child process
    PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads