Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
01/05/2024, 01:35
Static task
static1
Behavioral task
behavioral1
Sample
bb9203ca1305e47a2ec1443a640efcd5e2c7d11223184639729673579e12967e.js
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bb9203ca1305e47a2ec1443a640efcd5e2c7d11223184639729673579e12967e.js
Resource
win10v2004-20240419-en
General
-
Target
bb9203ca1305e47a2ec1443a640efcd5e2c7d11223184639729673579e12967e.js
-
Size
533KB
-
MD5
9b86cd448940a50ab43472676dacb5c0
-
SHA1
1798cb554fb40bfe6dce86759987e1a3b489f73a
-
SHA256
bb9203ca1305e47a2ec1443a640efcd5e2c7d11223184639729673579e12967e
-
SHA512
c3861177009fb9d20fe9b95d6e779ac3ede9a599b8a82a1e0df45d2525e22ee1d80111807223a3572b701dd4caa9d680e9dae9419fa7925fcd85bc59ba9e0ddf
-
SSDEEP
6144:VTgoYSJ9u2EKHnzirPK86zjXKnjXMjHtIfC3YsS61l3wioIfOEu6TcX3soAEiO8u:xgUJsriGrK8ODNp33ZdBfG3mEsmd
Malware Config
Signatures
-
Blocklisted process makes network request 4 IoCs
flow pid Process 4 60 wscript.exe 6 60 wscript.exe 23 60 wscript.exe 26 2360 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 32 IoCs
description pid Process Token: SeShutdownPrivilege 60 wscript.exe Token: SeIncreaseQuotaPrivilege 60 wscript.exe Token: SeSecurityPrivilege 2360 msiexec.exe Token: SeCreateTokenPrivilege 60 wscript.exe Token: SeAssignPrimaryTokenPrivilege 60 wscript.exe Token: SeLockMemoryPrivilege 60 wscript.exe Token: SeIncreaseQuotaPrivilege 60 wscript.exe Token: SeMachineAccountPrivilege 60 wscript.exe Token: SeTcbPrivilege 60 wscript.exe Token: SeSecurityPrivilege 60 wscript.exe Token: SeTakeOwnershipPrivilege 60 wscript.exe Token: SeLoadDriverPrivilege 60 wscript.exe Token: SeSystemProfilePrivilege 60 wscript.exe Token: SeSystemtimePrivilege 60 wscript.exe Token: SeProfSingleProcessPrivilege 60 wscript.exe Token: SeIncBasePriorityPrivilege 60 wscript.exe Token: SeCreatePagefilePrivilege 60 wscript.exe Token: SeCreatePermanentPrivilege 60 wscript.exe Token: SeBackupPrivilege 60 wscript.exe Token: SeRestorePrivilege 60 wscript.exe Token: SeShutdownPrivilege 60 wscript.exe Token: SeDebugPrivilege 60 wscript.exe Token: SeAuditPrivilege 60 wscript.exe Token: SeSystemEnvironmentPrivilege 60 wscript.exe Token: SeChangeNotifyPrivilege 60 wscript.exe Token: SeRemoteShutdownPrivilege 60 wscript.exe Token: SeUndockPrivilege 60 wscript.exe Token: SeSyncAgentPrivilege 60 wscript.exe Token: SeEnableDelegationPrivilege 60 wscript.exe Token: SeManageVolumePrivilege 60 wscript.exe Token: SeImpersonatePrivilege 60 wscript.exe Token: SeCreateGlobalPrivilege 60 wscript.exe
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\bb9203ca1305e47a2ec1443a640efcd5e2c7d11223184639729673579e12967e.js1⤵
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
PID:60
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
PID:2360