Analysis
max time kernel: 1199s
max time network: 1203s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 05/06/2023, 18:14
Static task: static1

Behavioral task: behavioral1
Sample: VQlpXNzQJz.js
Resource: win10-20230220-en
4 signatures
1200 seconds

Behavioral task: behavioral2
Sample: VQlpXNzQJz.js
Resource: win7-20230220-en
4 signatures
1200 seconds
General
Target: VQlpXNzQJz.js
Size: 346KB
MD5: 3ed07b2cfc14457c448129ac338d1a9b
SHA1: e07cd37475c0a9e2c53d4f7df317c8b4be70855e
SHA256: ed505690251f92f79fb3341968a3283e69bcd4ffe08539593b1601fac515c36b
SHA512: db34f63ad7cd4580c200040f1ced68ef7477cf61e44304932a2989cda520a56e90bf51d27bcd8474f14600a92f25664befa9a64caf26c009d5ecb6a610b78fa5
SSDEEP: 6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV8l/:eQ3B7qgpr
Malware Config
Signatures
- Blocklisted process makes network request 64 IoCs
- Drops startup file 2 IoCs
  description: File created; ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VQlpXNzQJz.js; Process: wscript.exe
  description: File opened for modification; ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VQlpXNzQJz.js; Process: wscript.exe
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s).