Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

eqY.vbs

windows7-x64

8

eqY.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    138s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 11:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eqY.vbs

  • Size

    1KB

  • MD5

    80bff1fc24a67f8218e22460ff5a28c8

  • SHA1

    1bb7ad2bf023d9108523625039b4c4936c397ddf

  • SHA256

    c31332071d18f0ca42c29e73e92faaaf076a27677b93a4d5ff40ae7708b27734

  • SHA512

    6fe20897e0fd790ae558969b0df9e47c0497e1aef1a22664b2f0ce17d65c8afbcb25572cf3a3a6e87d81875640214c5444ba652832943d5b20ad52ec7db2315d

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\eqY.vbs"
    1⤵
    • Blocklisted process makes network request
    PID:5096

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    68.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    108.211.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    108.211.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    163.252.72.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    163.252.72.23.in-addr.arpa
    IN PTR
    Response
    163.252.72.23.in-addr.arpa
    IN PTR
    a23-72-252-163deploystaticakamaitechnologiescom
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    167.109.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.109.18.2.in-addr.arpa
    IN PTR
    Response
    167.109.18.2.in-addr.arpa
    IN PTR
    a2-18-109-167deploystaticakamaitechnologiescom
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.81.21.72.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.81.21.72.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    129.252.72.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    129.252.72.23.in-addr.arpa
    IN PTR
    Response
    129.252.72.23.in-addr.arpa
    IN PTR
    a23-72-252-129deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    38.148.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    38.148.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    170.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    170.117.168.52.in-addr.arpa
    IN PTR
    Response
  • 5.188.87.58:2351
    WScript.exe
    260 B
     5
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    68.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    68.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    108.211.229.192.in-addr.arpa
    dns
    74 B
     145 B
     1
    1

    DNS Request

    108.211.229.192.in-addr.arpa

  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    163.252.72.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    163.252.72.23.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    167.109.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    167.109.18.2.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    240.81.21.72.in-addr.arpa
    dns
    71 B
     142 B
     1
    1

    DNS Request

    240.81.21.72.in-addr.arpa

  • 8.8.8.8:53
    129.252.72.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    129.252.72.23.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    38.148.119.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    38.148.119.40.in-addr.arpa

  • 8.8.8.8:53
    170.117.168.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    170.117.168.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.