Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Battly-Lau...ws.exe

windows10-2004-x64

10

resources/...zip.js

windows10-2004-x64

3

resources/...der.js

windows10-2004-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...der.js

windows10-2004-x64

3

resources/...ter.js

windows10-2004-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...ter.js

windows10-2004-x64

3

resources/...pto.js

windows10-2004-x64

3

resources/...nts.js

windows10-2004-x64

3

resources/...ors.js

windows10-2004-x64

3

resources/...ttr.js

windows10-2004-x64

3

resources/...tem.js

windows10-2004-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...ils.js

windows10-2004-x64

3

resources/...try.js

windows10-2004-x64

3

resources/...ile.js

windows10-2004-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...all.js

windows10-2004-x64

3

resources/...mit.js

windows10-2004-x64

3

resources/...ies.js

windows10-2004-x64

3

resources/...any.js

windows10-2004-x64

3

resources/...mit.js

windows10-2004-x64

3

resources/...eue.js

windows10-2004-x64

3

resources/...eue.js

windows10-2004-x64

3

resources/...ace.js

windows10-2004-x64

3

resources/...uce.js

windows10-2004-x64

3

resources/...ght.js

windows10-2004-x64

3

resources/...ect.js

windows10-2004-x64

3

resources/...All.js

windows10-2004-x64

3

resources/...ect.js

windows10-2004-x64

3

resources/...mit.js

windows10-2004-x64

3

Analysis

  • max time kernel
    1278s
  • max time network
    1113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    02/07/2024, 21:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app/node_modules/adm-zip/util/utils.js

  • Size

    7KB

  • MD5

    b7a147df232c33b9733089d358e8919f

  • SHA1

    62f476f4fd0f58d0f6affedadc39da4eed9622e0

  • SHA256

    476362e756eeab1eb18548732f27ed8786cea36d6c33aa27d75a74fb70b4a2e0

  • SHA512

    e0c2641d2b2626c145fd829d48c2154431179011946898714aca55be10209c816649ae79cf0fdadf76933079c28114b2c9000ebcd557a5e324448561cbd62b72

  • SSDEEP

    192:giQAJ3zMRGhO3l3a2iCjgqiuA7cHBrQrlMh6n2d+MYKI6j8Ok86+IEiQkGyTh9d:bz2wSqrl7kZIlj23Yak87Ih7Thn

Score
3/10
execution

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\adm-zip\util\utils.js
    1⤵
      PID:4284

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      144.107.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      144.107.17.2.in-addr.arpa
      IN PTR
      Response
      144.107.17.2.in-addr.arpa
      IN PTR
      a2-17-107-144deploystaticakamaitechnologiescom
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      136.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.99.105.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.99.105.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      104.219.191.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      104.219.191.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      57.15.31.184.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      57.15.31.184.in-addr.arpa
      IN PTR
      Response
      57.15.31.184.in-addr.arpa
      IN PTR
      a184-31-15-57deploystaticakamaitechnologiescom
    • flag-us
      DNS
      203.107.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      203.107.17.2.in-addr.arpa
      IN PTR
      Response
      203.107.17.2.in-addr.arpa
      IN PTR
      a2-17-107-203deploystaticakamaitechnologiescom
    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 770657
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: DDADD9CB55B4447EAD7D34FB172772B7 Ref B: LON04EDGE0716 Ref C: 2024-07-02T21:16:41Z
      date: Tue, 02 Jul 2024 21:16:40 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239382741809_1LZPXHBRM6H3VX4W8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239382741809_1LZPXHBRM6H3VX4W8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 835660
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 69CFF4EA8D614632A3B1D87BC16FC428 Ref B: LON04EDGE0716 Ref C: 2024-07-02T21:16:41Z
      date: Tue, 02 Jul 2024 21:16:40 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 604297
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6554FF28DA2140EBAFC72BDFF745F5BF Ref B: LON04EDGE0716 Ref C: 2024-07-02T21:16:41Z
      date: Tue, 02 Jul 2024 21:16:40 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239382741808_11R09KFO4KJIRL38X&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239382741808_11R09KFO4KJIRL38X&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 641220
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 6FE8E428961041EE9C71B84428225168 Ref B: LON04EDGE0716 Ref C: 2024-07-02T21:16:41Z
      date: Tue, 02 Jul 2024 21:16:40 GMT
    • flag-us
      DNS
      10.27.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.27.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      2.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.173.189.20.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      g.bing.com
      tls
      2.0kB
       9.3kB
       22
      19
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.27.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239382741808_11R09KFO4KJIRL38X&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      tls, http2
      111.2kB
       3.0MB
       2155
      2150

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239382741809_1LZPXHBRM6H3VX4W8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239382741808_11R09KFO4KJIRL38X&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
       6.9kB
       15
      13
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
       159 B
       1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      144.107.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      144.107.17.2.in-addr.arpa

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
       143 B
       1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      136.32.126.40.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      136.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      58.99.105.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      58.99.105.20.in-addr.arpa

    • 8.8.8.8:53
      104.219.191.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      104.219.191.52.in-addr.arpa

    • 8.8.8.8:53
      13.86.106.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      13.86.106.20.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      57.15.31.184.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      57.15.31.184.in-addr.arpa

    • 8.8.8.8:53
      203.107.17.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      203.107.17.2.in-addr.arpa

    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      62 B
       170 B
       1
      1

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      10.27.171.150.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.27.171.150.in-addr.arpa

    • 8.8.8.8:53
      2.173.189.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      2.173.189.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.