Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

Cawt-2.9.6...e.docx

windows7-x64

4

Cawt-2.9.6...e.docx

windows10-2004-x64

1

Cawt-2.9.6...fo.tcl

ubuntu-18.04-amd64

1

Cawt-2.9.6...fo.tcl

debian-9-armhf

1

Cawt-2.9.6...fo.tcl

debian-9-mips

1

Cawt-2.9.6...fo.tcl

debian-9-mipsel

1

Cawt-2.9.6...ic.vbs

windows7-x64

1

Cawt-2.9.6...ic.vbs

windows10-2004-x64

1

Cawt-2.9.6...ed.vbs

windows7-x64

1

Cawt-2.9.6...ed.vbs

windows10-2004-x64

1

Cawt-2.9.6...il.vbs

windows7-x64

1

Cawt-2.9.6...il.vbs

windows10-2004-x64

1

Cawt-2.9.6...il.vbs

windows7-x64

1

Cawt-2.9.6...il.vbs

windows10-2004-x64

1

Cawt-2.9.6...te.vbs

windows7-x64

1

Cawt-2.9.6...te.vbs

windows10-2004-x64

1

Cawt-2.9.6...il.vbs

windows7-x64

1

Cawt-2.9.6...il.vbs

windows10-2004-x64

1

Cawt-2.9.6...il.vbs

windows7-x64

1

Cawt-2.9.6...il.vbs

windows10-2004-x64

1

Cawt-2.9.6...ic.vbs

windows7-x64

1

Cawt-2.9.6...ic.vbs

windows10-2004-x64

1

Cawt-2.9.6...sv.vbs

windows7-x64

1

Cawt-2.9.6...sv.vbs

windows10-2004-x64

1

Cawt-2.9.6...ml.vbs

windows7-x64

1

Cawt-2.9.6...ml.vbs

windows10-2004-x64

1

Cawt-2.9.6...aw.vbs

windows7-x64

1

Cawt-2.9.6...aw.vbs

windows10-2004-x64

1

Cawt-2.9.6...le.vbs

windows7-x64

1

Cawt-2.9.6...le.vbs

windows10-2004-x64

1

Cawt-2.9.6...ki.vbs

windows7-x64

1

Cawt-2.9.6...ki.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/09/2024, 20:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cawt-2.9.6-User/CawtCore/cawtBasic.vbs

  • Size

    20KB

  • MD5

    4be09b027e0e914910a2f7bbdad07dcf

  • SHA1

    40da9c358072f7a21f55712c3ee8f146cf9e3065

  • SHA256

    0f8be0103b575877c202012c7587a0054aa0d9f2b8c8b0ad0232ba70b0811c23

  • SHA512

    ae4922a99a478935b979c6dad47d406c64d5176dbf387d2da91119f95a878ed7b251cd2787674d02af849fbd7d8c8d85ccb50e65f89898747925dfef23a236e1

  • SSDEEP

    384:6F7AxnDcceq4IjFBznzUfmOLLrt4wds9u1Rou8ufhDRU0ed/GPi8xdGEevpzOKgr:6F7AxnDcceq4IjFBbAfmOLLrt4wdzWuL

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Cawt-2.9.6-User\CawtCore\cawtBasic.vbs"
    1⤵
      PID:1608

    Network

    • flag-us
      DNS
      232.168.11.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      232.168.11.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.160.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.160.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      73.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.190.18.2.in-addr.arpa
      IN PTR
      Response
      73.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-73deploystaticakamaitechnologiescom
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      73.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.190.18.2.in-addr.arpa
      IN PTR
      Response
      73.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-73deploystaticakamaitechnologiescom
    No results found
    • 8.8.8.8:53
      232.168.11.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      232.168.11.51.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      14.160.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      14.160.190.20.in-addr.arpa

    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      350 B
       156 B
       5
      1

      DNS Request

      50.23.12.20.in-addr.arpa

      DNS Request

      50.23.12.20.in-addr.arpa

      DNS Request

      50.23.12.20.in-addr.arpa

      DNS Request

      50.23.12.20.in-addr.arpa

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      56.126.166.20.in-addr.arpa

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      73.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      73.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      360 B
       5

      DNS Request

      14.227.111.52.in-addr.arpa

      DNS Request

      14.227.111.52.in-addr.arpa

      DNS Request

      14.227.111.52.in-addr.arpa

      DNS Request

      14.227.111.52.in-addr.arpa

      DNS Request

      14.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      73.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      73.190.18.2.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.