Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

Details.lnk

windows7-x64

8

Details.lnk

windows10-2004-x64

8

disallowab...ed.cmd

windows7-x64

1

disallowab...ed.cmd

windows10-2004-x64

1

disallowab...rs.dll

windows7-x64

1

disallowab...rs.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 02:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    disallowable/expiated.cmd

  • Size

    347B

  • MD5

    c130cc03a0c0b1d4c9284c236fefbc25

  • SHA1

    0dee60c3a561ee60af3d5646a7a19829b8e59b48

  • SHA256

    f1afcef0c6618cd4bd0889b1844a89ea0d259c4e292f8e109ea17405e56b5a39

  • SHA512

    30227607f37cf8d6201505018a48438fe1a33832714a8405e241f98e6070b3d13a49ee07f11234fc39e55d239a23c622cfd30f68395489d0099d873cdc1fece8

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\disallowable\expiated.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\system32\replace.exe
      replace C:\Windows\system32\regsv C:\Users\Admin\AppData\Local\Temp /A
      2⤵
        PID:1540

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads