
Resubmissions

  • 12/12/2024, 13:36
    241212-qwaqyawjax (score 10)
  • 11/12/2024, 18:29
    241211-w5ap7aykfp (score 10)

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/12/2024, 18:29

General

  • Target

    PARTNE~1.js

  • Size

    4.8MB

  • MD5

    c9d5adc4792cfe69dfca70af9bc052e9

  • SHA1

    4d32c2ac090e376d9e904742efa92875aa1d7f2d

  • SHA256

    b5714c08796a133195e3afac3bb78368a5432472b22fce5f5c4ba64a052d820f

  • SHA512

    055a9312d0ff71335ef7425757595ebfd308114b8018493938aa1cdf061b947fcec6171afe9cd77533768ec46de70f0cea00da3b492ad59585a6d46c9079dbc1

  • SSDEEP

    3072:uDY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY7:z

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other malware families such as Gootkit and Cobalt Strike.

  • Gootloader family
  • Command and Scripting Interpreter: JavaScript (1 TTP)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\PARTNE~1.js
    PID: 2096
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\conhost.exe
      "C:\Windows\System32\conhost.exe" cscript "PARTNE~1.js"
      PID: 2924
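The process tree above records the loader being run by wscript.exe from the user's Temp directory under an 8.3 short name (PARTNE~1.js), the usual footprint of a .js file double-clicked out of a downloaded archive. As an added example that is not part of the tria.ge report, the following Python check runs over a few constructed Sysmon-style process-creation events and flags a Windows script host (wscript.exe or cscript.exe) executing a script file from a user-writable path, noting the short-name pattern as an aggravating signal. The event fields, the script-extension list and the user-writable directory list are assumptions chosen for the example; the sample events other than the one mirroring the report's command line are constructed.

```python
import re
from dataclasses import dataclass

# Assumed lists for the example: Windows script hosts, script extensions they run,
# and directory fragments that an ordinary user can write to.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\")
# 8.3 short-name pattern, e.g. PARTNE~1.js (tilde followed by digits, then an optional extension).
SHORT_NAME = re.compile(r"~\d+(\.[^\\]*)?$")


@dataclass
class ProcEvent:
    """Minimal Sysmon-style process-creation event (assumed field set)."""
    pid: int
    image: str          # full path of the new process
    command_line: str
    parent_image: str


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping quoted arguments whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def basename(path):
    return path.rsplit("\\", 1)[-1]


def script_argument(tokens):
    """Return the first argument after the image that looks like a script file, else None."""
    for tok in tokens[1:]:
        if tok.lower().endswith(SCRIPT_EXTS):
            return tok
    return None


def analyse(event):
    """Return a finding dict for a script host running a script from a user-writable path, else None."""
    if basename(event.image).lower() not in SCRIPT_HOSTS:
        return None
    script = script_argument(split_cmdline(event.command_line))
    if script is None:
        return None
    low = script.lower()
    if not any(frag in low for frag in USER_WRITABLE):
        return None  # scripts run from system locations are out of scope for this check
    reasons = ["script host executing %s from a user-writable path" % basename(script)]
    if SHORT_NAME.search(basename(script)):
        reasons.append("8.3 short name, typical of a file opened from an archive via Explorer")
    return {
        "pid": event.pid,
        "host": basename(event.image),
        "parent": basename(event.parent_image),
        "script": script,
        "reasons": reasons,
    }


# Constructed sample events. The first mirrors the command line shown in the report;
# the parent image and the other three events are made up for the example.
SAMPLE_EVENTS = [
    ProcEvent(2096, "C:\\Windows\\system32\\wscript.exe",
              "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\PARTNE~1.js",
              "C:\\Windows\\explorer.exe"),
    ProcEvent(3100, "C:\\Windows\\System32\\cscript.exe",
              'cscript.exe //nologo "C:\\Windows\\System32\\slmgr.vbs" /dlv',
              "C:\\Windows\\System32\\cmd.exe"),
    ProcEvent(3344, "C:\\Windows\\System32\\wscript.exe",
              'wscript.exe "C:\\Users\\Admin\\Downloads\\invoice copy.js"',
              "C:\\Windows\\explorer.exe"),
    ProcEvent(4120, "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
              "powershell.exe -NoProfile -File C:\\Users\\Admin\\Downloads\\x.ps1",
              "C:\\Windows\\explorer.exe"),
]


def run(events=SAMPLE_EVENTS):
    """Apply analyse() to every event and return only the findings."""
    return [finding for finding in (analyse(e) for e in events) if finding]


if __name__ == "__main__":
    for finding in run():
        print(finding["pid"], finding["host"], finding["script"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The check deliberately ignores the script host's own location and keys on where the script lives: slmgr.vbs under System32 is not flagged, while the same host running a .js from Temp or Downloads is. In a real pipeline the parent image (explorer.exe in the constructed events) is worth recording alongside the finding, as the report's tree does not show the loader's parent.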

Network

MITRE ATT&CK Enterprise v15