General
-
Target
NA_4b88ca8115abf6400f900d9ee_JC.js
-
Size
7KB
-
Sample
230726-qv8xcaca95
-
MD5
6b57f84625e48278f611de466e10dea9
-
SHA1
61432ddbd911264ce613f1549ab33f9635d446dd
-
SHA256
4b88ca8115abf6400f900d9eeadd9793806c3c4314868bb6080e88b697ecef1a
-
SHA512
6608bff89995d80ef243bdff96c2dd9a1f29a377fdf128e819d0ffde30ef23befbe8af4ca5550692052d34223839d54d016d6a4ac6a14d3559fc36aeaff782aa
-
SSDEEP
96:MUf+CjnaYRApwXr7HRPNYtQH3srX2zWwPhHr/trkOHr+wc+i:O3PN
Static task
static1
Behavioral task
behavioral1
Sample
NA_4b88ca8115abf6400f900d9ee_JC.js
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
NA_4b88ca8115abf6400f900d9ee_JC.js
Resource
win10v2004-20230703-en
Malware Config
Targets
-
Target
NA_4b88ca8115abf6400f900d9ee_JC.js
-
Score
10/10
-
WSHRAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-