Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

48e280510d...6f3.js

windows7-x64

3

48e280510d...6f3.js

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2024, 01:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    48e280510d763ea0508f85658e5a5fdf4fb9a5b5e3de47d9fc271210a2e9f6f3.js

  • Size

    853KB

  • MD5

    7830034fcf7339f1d60f197b5298fde0

  • SHA1

    5b46b120da09408ac5365a41d2d1d592ee16354e

  • SHA256

    48e280510d763ea0508f85658e5a5fdf4fb9a5b5e3de47d9fc271210a2e9f6f3

  • SHA512

    4ff8ac75039d6fbf0060f73b18d74d37ad4f8b47b490dc869b26f9671c593dcf65eab52e6e0f0ef71f05189648bc0d74aac78b667553e0fce0f2e20e476d8265

  • SSDEEP

    6144:KQXRiLVR+ZAFgfFIxviPCxeocRmAmuJp36clx+SzqAXyLCXiXh9VFIoqjKh633zq:Zo

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\48e280510d763ea0508f85658e5a5fdf4fb9a5b5e3de47d9fc271210a2e9f6f3.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1076
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\baavkncpcc.txt"
      2⤵
        PID:2004

    Network

    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      repo1.maven.org
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      repo1.maven.org
      IN A
      Response
      repo1.maven.org
      IN CNAME
      dualstack.sonatype.map.fastly.net
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.192.209
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.196.209
    • flag-us
      DNS
      objects.githubusercontent.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      objects.githubusercontent.com
      IN A
      Response
      objects.githubusercontent.com
      IN A
      185.199.108.133
      objects.githubusercontent.com
      IN A
      185.199.111.133
      objects.githubusercontent.com
      IN A
      185.199.109.133
      objects.githubusercontent.com
      IN A
      185.199.110.133
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • 199.232.192.209:443
      repo1.maven.org
      tls
      javaw.exe
      35.3kB
       1.6MB
       693
      1138
    • 199.232.192.209:443
      repo1.maven.org
      tls
      javaw.exe
      54.1kB
       2.8MB
       1114
      2008
    • 199.232.192.209:443
      repo1.maven.org
      tls
      javaw.exe
      85.5kB
       4.5MB
       1780
      3219
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.2kB
       15
      16
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      592 B
       3.9kB
       8
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      13
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      13
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.108.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      repo1.maven.org
      dns
      javaw.exe
      61 B
       140 B
       1
      1

      DNS Request

      repo1.maven.org

      DNS Response

      199.232.192.209
      199.232.196.209

    • 8.8.8.8:53
      objects.githubusercontent.com
      dns
      javaw.exe
      75 B
       139 B
       1
      1

      DNS Request

      objects.githubusercontent.com

      DNS Response

      185.199.108.133
      185.199.111.133
      185.199.109.133
      185.199.110.133

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\baavkncpcc.txt
      Filesize

      92KB

      MD5

      2cc7e15396dc275497fcf51f461da38d

      SHA1

      6fa0f11b6d9e3812a86ff1d43a86ad34bfc41062

      SHA256

      e14f1c7e11a1f1ddd570d605e4204a694a7370d603c1b1ca157e505f180ccc48

      SHA512

      daf71473c48f9592d33a49ff2f6d7b84e2c3a992f18a29979494cae86623328f0137c6ae9046cf3bbeb75d90d2a030d1fdbf3aca8718ea769429ce1e6e4a931f

      Download Submit

    • memory/2004-4-0x00000000024D0000-0x0000000002740000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2004-12-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2004-19-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2004-29-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2004-34-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2004-36-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2004-37-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2004-38-0x00000000024D0000-0x0000000002740000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2004-42-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2004-46-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.