Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

AUTOMO~1.js

windows7-x64

10

AUTOMO~1.js

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18/12/2024, 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AUTOMO~1.js

  • Size

    4.4MB

  • MD5

    6166491ad0afd48ddf8a220c09647acf

  • SHA1

    eab4db5de13cd5a0dc2ae132fc99417c0d04df8c

  • SHA256

    3fafb3a2d8317e616647c7a8515109b517fd7a194694d7992f0cc451175687e0

  • SHA512

    25952807d8044f3dbd2f597139ff38873666cb8529dc5eb98b35a10b2ac8df2d6f07eddf4d29575a4ae6037b4164cb1792615f7fc289eb2f6f863ef313908285

  • SSDEEP

    12288:5ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ3:h

Score
10/10
gootloaderexecutionloader

Malware Config

Signatures

  • GootLoader

    JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

    loadergootloader
  • Gootloader family
    gootloader
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\AUTOMO~1.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\System32\conhost.exe
      "C:\Windows\System32\conhost.exe" cscript "AUTOMO~1.js"
      2⤵
        PID:2752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads