Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

Install.cmd

windows7-x64

1

Install.cmd

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2023, 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Install.cmd

  • Size

    575B

  • MD5

    b04e5a3b8cc22bc00403062908dd9920

  • SHA1

    282d0e0c973e3604cb9bba4a72492f4ee3af10a5

  • SHA256

    76bf1a519ef7ed2994392e710edeb10fc0bd563993f6bcf5212d91e59dcf5610

  • SHA512

    9f7136b9918e4146361fd338d212469a475dba09e34488c3ca8cef1ae07a0a9a1098294e3e54b114e76baa66fa57fd6ef3ae5a2f394d76d74936d47d030e0e00

Score
1/10

Malware Config

Signatures

  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Install.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Windows\system32\xcopy.exe
      xcopy ADCDA2 C:\ADCDA2 /s /e /c /i /q /r /y
      2⤵
        PID:1292
      • C:\Windows\system32\cscript.exe
        cscript shortcut.vbs
        2⤵
          PID:964
        • C:\Windows\regedit.exe
          regedit /s RegSettings.reg
          2⤵
          • Runs .reg file with regedit
          PID:1480
        • C:\Windows\system32\regsvr32.exe
          regsvr32 /s C:\ADCDA2\ChilkatCrypt2.dll
          2⤵
          • Suspicious behavior: CmdExeWriteProcessMemorySpam
          PID:832

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1480-57-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

        Filesize

        8KB

        Download