Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

c31cee51ac...bb6.js

windows7-x64

3

c31cee51ac...bb6.js

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    24/10/2024, 02:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6.js

  • Size

    205KB

  • MD5

    b60592cb963de5d1cb804db6c07dd289

  • SHA1

    20c09f859df663850c5f6ec109bc9a5a2831c022

  • SHA256

    c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6

  • SHA512

    253537ea93ebf4c2decacea5a99ef1b7351d839498f690357a9ce6bc57baf2835b40cc7a7d4819a0e69cdfabea28290c0b6f3ea6c71971ca99967c789a59e251

  • SSDEEP

    3072:DQGJLNtKFO/4xaWihrT5UAE5mZgyFz+OOdBdlsNzsQVmWp7:DQ6/n/WaWiha95bQz+OOjdMzsQVmWZ

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\c31cee51acf037dd2a09dd6dfddc5e889df9646af5625f827007c5b795b0dbb6.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\mqzibkh.txt"
      2⤵
        PID:2744

    Network

    • flag-us
      DNS
      repo1.maven.org
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      repo1.maven.org
      IN A
      Response
      repo1.maven.org
      IN CNAME
      dualstack.sonatype.map.fastly.net
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.192.209
      dualstack.sonatype.map.fastly.net
      IN A
      199.232.196.209
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      objects.githubusercontent.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      objects.githubusercontent.com
      IN A
      Response
      objects.githubusercontent.com
      IN A
      185.199.110.133
      objects.githubusercontent.com
      IN A
      185.199.108.133
      objects.githubusercontent.com
      IN A
      185.199.111.133
      objects.githubusercontent.com
      IN A
      185.199.109.133
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • flag-us
      DNS
      github.com
      javaw.exe
      Remote address:
      8.8.8.8:53
      Request
      github.com
      IN A
      Response
      github.com
      IN A
      20.26.156.215
    • 199.232.192.209:443
      repo1.maven.org
      tls
      javaw.exe
      20.4kB
       736.9kB
       369
      545
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.9kB
       10.3kB
       17
      19
    • 199.232.192.209:443
      repo1.maven.org
      tls
      javaw.exe
      15.2kB
       538.4kB
       276
      401
    • 199.232.192.209:443
      repo1.maven.org
      tls
      javaw.exe
      16.2kB
       746.5kB
       328
      548
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      597 B
       4.7kB
       8
      7
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      2.5kB
       10.9kB
       17
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      2.5kB
       10.9kB
       17
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       16
      15
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 20.26.156.215:443
      github.com
      tls
      javaw.exe
      1.8kB
       10.1kB
       15
      14
    • 185.199.110.133:443
      objects.githubusercontent.com
      tls
      javaw.exe
      545 B
       3.9kB
       7
      8
    • 8.8.8.8:53
      repo1.maven.org
      dns
      javaw.exe
      61 B
       140 B
       1
      1

      DNS Request

      repo1.maven.org

      DNS Response

      199.232.192.209
      199.232.196.209

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      objects.githubusercontent.com
      dns
      javaw.exe
      75 B
       139 B
       1
      1

      DNS Request

      objects.githubusercontent.com

      DNS Response

      185.199.110.133
      185.199.108.133
      185.199.111.133
      185.199.109.133

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    • 8.8.8.8:53
      github.com
      dns
      javaw.exe
      56 B
       72 B
       1
      1

      DNS Request

      github.com

      DNS Response

      20.26.156.215

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\mqzibkh.txt
      Filesize

      92KB

      MD5

      7b51be77942ed021489dbf24edec3de0

      SHA1

      87c16cedede053c98a0e8ee17ffbfdeb8525071b

      SHA256

      489004af1fd6085da359ab80ecce733e9bda9d5f7ddf08edcd5ae38a24826177

      SHA512

      5590644bcebbebd12d597ab11a5fe6fa584800ca8eda8cea45b5bd5b81bccccc92a1f5362282b74934f68ce5820bb6cd89c5e43cf328445105c42d4367194706

      Download Submit

    • memory/2744-4-0x0000000002250000-0x00000000024C0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2744-12-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-19-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-26-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-28-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-38-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-39-0x0000000002250000-0x00000000024C0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2744-55-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-50-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-63-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-84-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-86-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-93-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-97-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.