Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Purchase_Order.pdf.js

windows7-x64

8

Purchase_Order.pdf.js

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230824-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2023, 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Purchase_Order.pdf.js

  • Size

    7KB

  • MD5

    649da5e2745b8efb3237f3ebd18da508

  • SHA1

    42fb7cd4ebcee9aa64dc98e8cac4338085d256bb

  • SHA256

    605a9532143c3d10b2b9676bdb7b39679feab8eae9985acc799ae9d568dca2b7

  • SHA512

    96fa718f0bfd892a329054f5e25c5ae2d57e84b7552df17f914abeff9ae7b3add644248e61f95fa47350c7488eee5168a4cf159d1e330ebcbdf9fcd76fd343fc

  • SSDEEP

    48:w6Wxz3jBjIYTjPVuBqxdYBudYDLQudYD/KKmxTaPBQnqxApKxGjyDhX4q1NhPBOJ:VO/te9Wz7n2yjd0aqbQZ0qU

Score
8/10
persistence

Malware Config

Signatures

  • Blocklisted process makes network request 9 IoCs
  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\Purchase_Order.pdf.js
    1⤵
    • Blocklisted process makes network request
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3252
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\MGNRKD.vbs"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      PID:3884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MGNRKD.vbs
    Filesize

    205KB

    MD5

    bcac0ec28373a4b0db4cd2a488a6595f

    SHA1

    21fa2e3e0c589f44e14ffe60e5cb1b6c8401e655

    SHA256

    241e2aee1c1715ad0c91b5c9ba258ac2f31a1be168c5a1683712da2d36a540b6

    SHA512

    4802fada66768941c19485e07d6298f914f8819529c2e9eb0615ffee9ab48b0277ed9e15c4010b6052c29c950a659711c60a73d0af797f6657dd899cb6d2357b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MGNRKD.vbs
    Filesize

    205KB

    MD5

    bcac0ec28373a4b0db4cd2a488a6595f

    SHA1

    21fa2e3e0c589f44e14ffe60e5cb1b6c8401e655

    SHA256

    241e2aee1c1715ad0c91b5c9ba258ac2f31a1be168c5a1683712da2d36a540b6

    SHA512

    4802fada66768941c19485e07d6298f914f8819529c2e9eb0615ffee9ab48b0277ed9e15c4010b6052c29c950a659711c60a73d0af797f6657dd899cb6d2357b

    Download Submit