hxxps://158[.]69[.]36[.]15/files/estrouvinhar[.]js | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://158.69.36.15...

windows11-21h2-x64

8

Resubmissions

13/12/2024, 13:42

241213-qzv62szngy 10

12/12/2024, 18:20

241212-wytvgssnay 8

12/12/2024, 17:47

241212-wcwrys1qg1 7

12/12/2024, 17:04

241212-vldr3aspck 8

12/12/2024, 16:25

241212-txbw6szkhx 8

11/12/2024, 19:44

241211-yfvp6swkhv 8

09/12/2024, 19:12

241209-xwm5laxpbt 8

09/12/2024, 17:25

241209-vzfhtavngv 3

09/12/2024, 13:30

241209-qsbh3atnfp 3

08/12/2024, 20:49

241208-zl1n2stqas 8

Sharing

General

Target

https://158.69.36.15/files/estrouvinhar.js
Sample

241209-xwm5laxpbt

Score

8^/10

defense_evasion discovery evasion execution persistence phishing

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://158.69.36.15/files/estrouvinhar.js

Resource

win11-20241007-en

defense_evasion discovery evasion execution persistence phishing

windows11-21h2-x64

37 signatures

1800 seconds

Malware Config

Targets

- Target
  
  https://158.69.36.15/files/estrouvinhar.js
Score

8^/10

defense_evasion discovery evasion execution persistence phishing
- Blocklisted process makes network request
- Creates new service(s)
  persistence execution
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
  evasion execution
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

urlscan1

behavioral1

defense_evasiondiscoveryevasionexecutionpersistencephishing

© 2018-2025

Terms | Privacy