Analysis
max time kernel: 1192s
max time network: 1197s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/06/2023, 18:14
Static task: static1
Behavioral task: behavioral1
Sample: VQlpXNzQJz.js
Resource: win10-20230220-en
4 signatures, 1200 seconds
Behavioral task: behavioral2
Sample: VQlpXNzQJz.js
Resource: win7-20230220-en
4 signatures, 1200 seconds
General
Target: VQlpXNzQJz.js
Size: 346KB
MD5: 3ed07b2cfc14457c448129ac338d1a9b
SHA1: e07cd37475c0a9e2c53d4f7df317c8b4be70855e
SHA256: ed505690251f92f79fb3341968a3283e69bcd4ffe08539593b1601fac515c36b
SHA512: db34f63ad7cd4580c200040f1ced68ef7477cf61e44304932a2989cda520a56e90bf51d27bcd8474f14600a92f25664befa9a64caf26c009d5ecb6a610b78fa5
SSDEEP: 6144:eQfPBx5q0sQ1o7rsbHC01mDBpNW2mTMSbpuV8l/:eQ3B7qgpr
Malware Config
Signatures
Blocklisted process makes network request 64 IoCs
Drops startup file 2 IoCs
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VQlpXNzQJz.js (process: wscript.exe)
File opened for modification: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VQlpXNzQJz.js (process: wscript.exe)
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).