Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

287323eb8d...f74.js

windows7-x64

3

287323eb8d...f74.js

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    28/08/2024, 01:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    287323eb8dce9257ec7c85c9bea69dd1730a1e15c2df7476343ce8a95567ff74.js

  • Size

    746KB

  • MD5

    e20445bd8d40d72c17a93a6e175842c2

  • SHA1

    9a887a492204632b05e67e9479d322ae620bb577

  • SHA256

    287323eb8dce9257ec7c85c9bea69dd1730a1e15c2df7476343ce8a95567ff74

  • SHA512

    d1bad3833aac26756a269d00c6fee14170a623951c8f9cb6b65ae01990b613966d76cef2cab440645a610c25f86c98b3995fff7b301e45e8905bbee5ae489b5d

  • SSDEEP

    6144:XQ792xbDD02mhpWBGtT1fMqGdlKzF5QG+sx9z5hubTYh/KI4GGp1/dKyuaDteR0C:gT

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\287323eb8dce9257ec7c85c9bea69dd1730a1e15c2df7476343ce8a95567ff74.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\hutnxdogz.txt"
      2⤵
        PID:3048

    Network

    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      repo1.maven.org
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      repo1.maven.org
      IN A
      Response
      repo1.maven.org
      IN CNAME
      dualstack.sonatype.map.fastly.net
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.196.209
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.192.209
    • flag-us
      DNS
      objects.githubusercontent.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      objects.githubusercontent.com
      IN A
      Response
      objects.githubusercontent.com
      IN A
      185.199.108.133
      objects.githubusercontent.com
      IN A
      185.199.109.133
      objects.githubusercontent.com
      IN A
      185.199.111.133
      objects.githubusercontent.com
      IN A
      185.199.110.133
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • 199.232.196.209:443
      repo1.maven.org
      tls
      javaw.exe
      84.8kB
       4.5MB
       1777
      3212
    • 199.232.196.209:443
      repo1.maven.org
      tls
      javaw.exe
      53.8kB
       2.8MB
       1119
      2000
    • 199.232.196.209:443
      repo1.maven.org
      tls
      javaw.exe
      32.5kB
       1.6MB
       659
      1131
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      17
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      644 B
       4.7kB
       9
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.8kB
       7
      6
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      2.5kB
       10.8kB
       17
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      3.0kB
       10.3kB
       19
      17
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      592 B
       3.8kB
       8
      7
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      2.8kB
       10.9kB
       19
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      2.5kB
       10.8kB
       17
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      644 B
       4.7kB
       9
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.0kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.9kB
       10.4kB
       17
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      javaw.exe
      52 B
       1
    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      repo1.maven.org
      dns
      javaw.exe
      61 B
       140 B
       1
      1

      DNS Request

      repo1.maven.org

      DNS Response

      199.232.196.209
      199.232.192.209

    • 8.8.8.8:53
      objects.githubusercontent.com
      dns
      javaw.exe
      75 B
       139 B
       1
      1

      DNS Request

      objects.githubusercontent.com

      DNS Response

      185.199.108.133
      185.199.109.133
      185.199.111.133
      185.199.110.133

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\hutnxdogz.txt
      Filesize

      92KB

      MD5

      2cc7e15396dc275497fcf51f461da38d

      SHA1

      6fa0f11b6d9e3812a86ff1d43a86ad34bfc41062

      SHA256

      e14f1c7e11a1f1ddd570d605e4204a694a7370d603c1b1ca157e505f180ccc48

      SHA512

      daf71473c48f9592d33a49ff2f6d7b84e2c3a992f18a29979494cae86623328f0137c6ae9046cf3bbeb75d90d2a030d1fdbf3aca8718ea769429ce1e6e4a931f

      Download Submit

    • memory/3048-4-0x0000000002630000-0x00000000028A0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3048-12-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-19-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-26-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-27-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-28-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-30-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-34-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-37-0x0000000002630000-0x00000000028A0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3048-41-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-47-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-53-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-54-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3048-79-0x0000000000330000-0x0000000000331000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.