Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

9cc94cedd8...d26.js

windows7-x64

8

9cc94cedd8...d26.js

windows10-2004-x64

8

Analysis

  • max time kernel
    128s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2023, 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cc94cedd85793b3be9cb808dfd7e326ba1386b0bae08fee1519c1df8ea40d26.js

  • Size

    4KB

  • MD5

    6ec662cb2923bc72fbbfbce78331109a

  • SHA1

    fe3d25c1d4164161c4075122b6f99de415da6430

  • SHA256

    9cc94cedd85793b3be9cb808dfd7e326ba1386b0bae08fee1519c1df8ea40d26

  • SHA512

    4e6476aa0442d2533a4a44d3c0bbabc106d72e5266a4e5f5d8bbe4cf36e71506e5474e84017c8d862041927b99c2af14090fc975ec8502cfecd6844f0a441241

  • SSDEEP

    96:l8rOmAMUpSH9hDks9gUQSOv0oKzPqHz8qZ/2EsL/eekJyK:2r8MUwHHDPgUJOJzRt4LGzJyK

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\9cc94cedd85793b3be9cb808dfd7e326ba1386b0bae08fee1519c1df8ea40d26.js
    1⤵
    • Blocklisted process makes network request
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Windows\Temp\fmsign.exe
      "C:\Windows\Temp\fmsign.exe"
      2⤵
      • Executes dropped EXE
      PID:1528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\fmsign.exe
    Filesize

    1.1MB

    MD5

    bf6f221b0588d21e73f2095cc4eedaf2

    SHA1

    171694b0fe53de3d2a799cb8822560b58309f20c

    SHA256

    397584eda8f01bf29d148fcc38c1481e81c44a9e6fa45c95c041a7662c037157

    SHA512

    4300762b097e4487d9a3f6fa0edd082e7397989302b3b226e9b8a166695b2269b9fe6514693f944e84ab0dc2fe735827ce1e3bf97529b9e734a239baaec5d939

    Download Submit

  • C:\Windows\Temp\fmsign.exe
    Filesize

    1.1MB

    MD5

    bf6f221b0588d21e73f2095cc4eedaf2

    SHA1

    171694b0fe53de3d2a799cb8822560b58309f20c

    SHA256

    397584eda8f01bf29d148fcc38c1481e81c44a9e6fa45c95c041a7662c037157

    SHA512

    4300762b097e4487d9a3f6fa0edd082e7397989302b3b226e9b8a166695b2269b9fe6514693f944e84ab0dc2fe735827ce1e3bf97529b9e734a239baaec5d939

    Download Submit

  • C:\Windows\Temp\fmsign.exe
    Filesize

    1.1MB

    MD5

    bf6f221b0588d21e73f2095cc4eedaf2

    SHA1

    171694b0fe53de3d2a799cb8822560b58309f20c

    SHA256

    397584eda8f01bf29d148fcc38c1481e81c44a9e6fa45c95c041a7662c037157

    SHA512

    4300762b097e4487d9a3f6fa0edd082e7397989302b3b226e9b8a166695b2269b9fe6514693f944e84ab0dc2fe735827ce1e3bf97529b9e734a239baaec5d939

    Download Submit

  • memory/1528-15-0x0000000002530000-0x0000000002531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1528-17-0x0000000000400000-0x0000000000537000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2568-0-0x00007FFBA4EB0000-0x00007FFBA5851000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2568-1-0x0000012610A80000-0x0000012610A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-5-0x00007FFBA4EB0000-0x00007FFBA5851000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2568-16-0x00007FFBA4EB0000-0x00007FFBA5851000-memory.dmp

    Filesize

    9.6MB

    Download