Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

c873297682...18.vbs

windows7-x64

8

c873297682...18.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 07:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c873297682ade13292f6630a612b6e4f_JaffaCakes118.vbs

  • Size

    758B

  • MD5

    c873297682ade13292f6630a612b6e4f

  • SHA1

    a0ccfe79d08164cf346d1eb3e6b1f4a21ab34e5d

  • SHA256

    303a9083457e47d857882825d4964982bdf02563383490f2704cc165ab2a6164

  • SHA512

    02237291150d94743c47465754fb86342d4ece0ce996ed24502b191e68063a75884b6f36be2075ebc838d5300adb183c238cc9a6a55239bcc340b7f39901e035

Score
8/10
evasionpersistenceprivilege_escalation

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\c873297682ade13292f6630a612b6e4f_JaffaCakes118.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\System32\netsh.exe
      "C:\Windows\System32\netsh.exe" firewall add allowedprogram program=Shell_Update.exe name=Win32_ShellUpdate
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.