Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 03:12 UTC

General

  • Target

    29853924731_May_01_2019.js

  • Size

    39KB

  • MD5

    894aa32cbc169bc55f76dbc745a8a409

  • SHA1

    fa68cd456d468c0b5f501148107f0dcf726da043

  • SHA256

    b0840f0a422e5b418f84a7e2a15d30bdec48404257a8b7bd95a36ee7d6806feb

  • SHA512

    8e207d21917f818985d5467f029f87624fe2168d5b42cf64cbb2b1a497b957061014be720a5c00a57b918f1161f79784578f121412639d348ff54d3a8e0e3005

  • SSDEEP

    768:tvvuVEOojy4VaOvblKaOMvRQnRUm0eRbE4YTtWsVuNfeqro6OAFhUaEcd9pruwIv:tvIEOoj9VDvxKaOMqnR+nKGb7+liO3te

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request (7 IoCs)
  • Command and Scripting Interpreter: JavaScript (1 TTP)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\29853924731_May_01_2019.js
    • Blocklisted process makes network request
    PID:1576

Network

  • US
    DNS
    goleta105.com
    wscript.exe
    Remote address:
    8.8.8.8:53
    Request
    goleta105.com
    IN A
    Response
    goleta105.com
    IN A
    207.32.216.70
  • US
    GET
    http://goleta105.com/404_page_images/Xkg/
    wscript.exe
    Remote address:
    207.32.216.70:80
    Request
    GET /404_page_images/Xkg/ HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: goleta105.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Mon, 03 Jun 2024 03:12:12 GMT
    Server:
    X-Frame-Options: SAMEORIGIN
    Content-Length: 548
    Connection: keep-alive, Keep-Alive
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Keep-Alive: timeout=5, max=100
    Content-Type: text/html; charset=UTF-8
  • US
    DNS
    www.iowaselectvbc.com
    wscript.exe
    Remote address:
    8.8.8.8:53
    Request
    www.iowaselectvbc.com
    IN A
    Response
    www.iowaselectvbc.com
    IN CNAME
    iowaselectvbc.com
    iowaselectvbc.com
    IN A
    151.101.194.159
  • US
    GET
    http://www.iowaselectvbc.com/1bksryf/CpSX/
    wscript.exe
    Remote address:
    151.101.194.159:80
    Request
    GET /1bksryf/CpSX/ HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.iowaselectvbc.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 403 Forbidden
    Connection: keep-alive
    x-fw-server: Flywheel/5.1.0
    x-fw-hash: v4ueuyan4h
    referrer-policy: no-referrer-when-downgrade
    accept-ranges: bytes
    x-xss-protection: 1
    x-content-type-options: nosniff
    content-encoding: gzip
    content-type: text/html
    x-fw-version: 5.0.0
    Server: Flywheel/5.1.0
    X-Cacheable: YES
    Fastly-Restarts: 1
    Date: Mon, 03 Jun 2024 03:12:12 GMT
    X-Served-By: cache-lcy-eglc8600074-LCY, cache-lcy-eglc8600023-LCY
    X-Cache: MISS, MISS
    X-Cache-Hits: 0, 0
    X-Timer: S1717384332.336746,VS0,VE114
    Vary: Accept-Encoding, Authorization
    X-FW-Serve: TRUE
    X-FW-Static: NO
    X-FW-Type: VISIT
    transfer-encoding: chunked
  • US
    DNS
    www.likepage.site
    wscript.exe
    Remote address:
    8.8.8.8:53
    Request
    www.likepage.site
    IN A
    Response
  • US
    DNS
    goudappel.org
    wscript.exe
    Remote address:
    8.8.8.8:53
    Request
    goudappel.org
    IN A
    Response
    goudappel.org
    IN A
    185.159.242.66
  • NL
    GET
    http://goudappel.org/HendrikMGoudappel/P6TUk/
    wscript.exe
    Remote address:
    185.159.242.66:80
    Request
    GET /HendrikMGoudappel/P6TUk/ HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: goudappel.org
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Mon, 03 Jun 2024 03:12:12 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Location: https://goudappel.org/HendrikMGoudappel/P6TUk/
  • US
    DNS
    encorestudios.org
    wscript.exe
    Remote address:
    8.8.8.8:53
    Request
    encorestudios.org
    IN A
    Response
  • 207.32.216.70:80 (http, wscript.exe)
    http://goleta105.com/404_page_images/Xkg/
    Sent: 628 B, Received: 1.0kB, Packets: 6 sent / 4 received
    HTTP Request: GET http://goleta105.com/404_page_images/Xkg/
    HTTP Response: 404
  • 151.101.194.159:80 (http, wscript.exe)
    http://www.iowaselectvbc.com/1bksryf/CpSX/
    Sent: 635 B, Received: 1.8kB, Packets: 6 sent / 4 received
    HTTP Request: GET http://www.iowaselectvbc.com/1bksryf/CpSX/
    HTTP Response: 403
  • 185.159.242.66:80 (http, wscript.exe)
    http://goudappel.org/HendrikMGoudappel/P6TUk/
    Sent: 638 B, Received: 924 B, Packets: 6 sent / 4 received
    HTTP Request: GET http://goudappel.org/HendrikMGoudappel/P6TUk/
    HTTP Response: 301
  • 185.159.242.66:443 (tls, wscript.exe)
    goudappel.org
    Sent: 394 B, Received: 219 B, Packets: 5 sent / 5 received
  • 185.159.242.66:443 (tls, wscript.exe)
    goudappel.org
    Sent: 356 B, Received: 219 B, Packets: 5 sent / 5 received
  • 185.159.242.66:443 (tls, wscript.exe)
    goudappel.org
    Sent: 288 B, Received: 219 B, Packets: 5 sent / 5 received
  • 185.159.242.66:443 (wscript.exe)
    goudappel.org
    Sent: 190 B, Received: 92 B, Packets: 4 sent / 2 received
  • 8.8.8.8:53 (dns, wscript.exe)
    goleta105.com
    Sent: 59 B, Received: 75 B, Packets: 1 sent / 1 received
    DNS Request: goleta105.com
    DNS Response: 207.32.216.70
  • 8.8.8.8:53 (dns, wscript.exe)
    www.iowaselectvbc.com
    Sent: 67 B, Received: 97 B, Packets: 1 sent / 1 received
    DNS Request: www.iowaselectvbc.com
    DNS Response: 151.101.194.159
  • 8.8.8.8:53 (dns, wscript.exe)
    www.likepage.site
    Sent: 63 B, Received: 128 B, Packets: 1 sent / 1 received
    DNS Request: www.likepage.site
  • 8.8.8.8:53 (dns, wscript.exe)
    goudappel.org
    Sent: 59 B, Received: 75 B, Packets: 1 sent / 1 received
    DNS Request: goudappel.org
    DNS Response: 185.159.242.66
  • 8.8.8.8:53 (dns, wscript.exe)
    encorestudios.org
    Sent: 63 B, Received: 125 B, Packets: 1 sent / 1 received
    DNS Request: encorestudios.org

MITRE ATT&CK Enterprise v15
