Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

tkssm3306.js

windows7-x64

8

tkssm3306.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tkssm3306.js

  • Size

    33KB

  • Sample

    230615-r56emsaa32

  • MD5

    e59524fc7047d18d6d67b90c02340792

  • SHA1

    70f833bd1d0284c49af0748c3a4869d8c9cdd87a

  • SHA256

    189be0509d523ae0325b502c1cf4a78f4e15059655da116634ab8168a075a0d1

  • SHA512

    70ec1ca8ab06e7ecf245ea5d7c26a779554b83739e64d05a18bee32b3d00756ada54a720f3fe82cef6940a65d4c2253f24b6c5ba4646520d6e37c251f1f5ccbb

  • SSDEEP

    384:m6AENS2FIDJasQoIsFPMRKV91aLwBXchzSKxzTpqPd28NMwzoTVY01nRfb6/nrRU:k2iaAr1bc59qPd28NMwqVY6yrRnj2TF

Score
10/10
netsupportpersistencerat

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://a.ezydict.com/4th_2.zip
exe.dropper

http://YOUR.LINK/files/

Targets

    • Target

      tkssm3306.js

    • Size

      33KB

    • MD5

      e59524fc7047d18d6d67b90c02340792

    • SHA1

      70f833bd1d0284c49af0748c3a4869d8c9cdd87a

    • SHA256

      189be0509d523ae0325b502c1cf4a78f4e15059655da116634ab8168a075a0d1

    • SHA512

      70ec1ca8ab06e7ecf245ea5d7c26a779554b83739e64d05a18bee32b3d00756ada54a720f3fe82cef6940a65d4c2253f24b6c5ba4646520d6e37c251f1f5ccbb

    • SSDEEP

      384:m6AENS2FIDJasQoIsFPMRKV91aLwBXchzSKxzTpqPd28NMwzoTVY01nRfb6/nrRU:k2iaAr1bc59qPd28NMwqVY6yrRnj2TF

    Score
    10/10
    netsupportpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks