Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Proof of payment.js

windows7-x64

3

Proof of payment.js

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23/10/2024, 00:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Proof of payment.js

  • Size

    199KB

  • MD5

    efe96b774d716e94b8ddf67f11799f72

  • SHA1

    cebf7446b7712b0be7d4139690413cb0a3ec2926

  • SHA256

    cc60fd66292a5edd37d23b5f3928015bd7aefa106df32d27adfe0604564ca682

  • SHA512

    795ff59eab0a6d253c5e039e6695d9f00f6e0a13714f311ecb744102c67fdbf5158812b570b7198bdd21349c6a2757ee85101517e71c446e56910f488cccf853

  • SSDEEP

    3072:DQ18m6EBIFcNzKF2+uKr0rZvInqhvFm+LeOn6dHihG+KwszDU:DQv6DSNWFUKrOQnqhvFm+0Vio+jR

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\Proof of payment.js"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\elcyocepm.txt"
      2⤵
        PID:2236

    Network

    • flag-us
      DNS
      repo1.maven.org
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      repo1.maven.org
      IN A
      Response
      repo1.maven.org
      IN CNAME
      dualstack.sonatype.map.fastly.net
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.196.209
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.192.209
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      objects.githubusercontent.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      objects.githubusercontent.com
      IN A
      Response
      objects.githubusercontent.com
      IN A
      185.199.111.133
      objects.githubusercontent.com
      IN A
      185.199.108.133
      objects.githubusercontent.com
      IN A
      185.199.110.133
      objects.githubusercontent.com
      IN A
      185.199.109.133
    • flag-us
      DNS
      objects.githubusercontent.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      objects.githubusercontent.com
      IN A
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • 199.232.196.209:443
      repo1.maven.org
      tls
      javaw.exe
      31.6kB
       1.6MB
       647
      1141
    • 199.232.196.209:443
      repo1.maven.org
      tls
      javaw.exe
      77.6kB
       4.5MB
       1657
      3216
    • 199.232.196.209:443
      repo1.maven.org
      tls
      javaw.exe
      51.6kB
       2.8MB
       1074
      2000
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      597 B
       3.9kB
       8
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.111.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      javaw.exe
    • 185.199.111.133:443
      javaw.exe
    • 8.8.8.8:53
      repo1.maven.org
      dns
      javaw.exe
      61 B
       140 B
       1
      1

      DNS Request

      repo1.maven.org

      DNS Response

      199.232.196.209
      199.232.192.209

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      objects.githubusercontent.com
      dns
      javaw.exe
      150 B
       139 B
       2
      1

      DNS Request

      objects.githubusercontent.com

      DNS Request

      objects.githubusercontent.com

      DNS Response

      185.199.111.133
      185.199.108.133
      185.199.110.133
      185.199.109.133

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\elcyocepm.txt
      Filesize

      92KB

      MD5

      7b51be77942ed021489dbf24edec3de0

      SHA1

      87c16cedede053c98a0e8ee17ffbfdeb8525071b

      SHA256

      489004af1fd6085da359ab80ecce733e9bda9d5f7ddf08edcd5ae38a24826177

      SHA512

      5590644bcebbebd12d597ab11a5fe6fa584800ca8eda8cea45b5bd5b81bccccc92a1f5362282b74934f68ce5820bb6cd89c5e43cf328445105c42d4367194706

      Download Submit

    • memory/2236-4-0x0000000002740000-0x00000000029B0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2236-12-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-19-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-31-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-38-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-39-0x0000000002740000-0x00000000029B0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2236-41-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-46-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-50-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2236-72-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.