Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

updates.js

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    updates.js

  • Size

    7.3MB

  • Sample

    240704-dyqtqatfqc

  • MD5

    6bdaf6f9471045d5e64c183642ad07ea

  • SHA1

    4dc6f79c3477ad062df116d974bb83f17397fa27

  • SHA256

    b4b37761d122ba3fd588ddae9bebde2c755a63ed7025d69c0089e4b70e789d45

  • SHA512

    540b6e78ff6bc2fa4a7dee1c852665c219157c93f51cba7d978252c1f4c6ed4da865c78a514f60a92a545a590008925dd198c8213b86a6051adc9eceb3cefb7e

  • SSDEEP

    49152:47h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQy:p

Score
10/10
netsupportexecutionpersistencerat

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://helpcenter.cyou/help.php?5977
exe.dropper

http://helpcenter.cyou/help.php?5977

Targets

    • Target

      updates.js

    • Size

      7.3MB

    • MD5

      6bdaf6f9471045d5e64c183642ad07ea

    • SHA1

      4dc6f79c3477ad062df116d974bb83f17397fa27

    • SHA256

      b4b37761d122ba3fd588ddae9bebde2c755a63ed7025d69c0089e4b70e789d45

    • SHA512

      540b6e78ff6bc2fa4a7dee1c852665c219157c93f51cba7d978252c1f4c6ed4da865c78a514f60a92a545a590008925dd198c8213b86a6051adc9eceb3cefb7e

    • SSDEEP

      49152:47h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQy:p

    Score
    10/10
    netsupportexecutionpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks