Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

EA DLC Unl...on.dll

windows7-x64

3

EA DLC Unl...on.dll

windows10-2004-x64

1

EA DLC Unl...on.dll

windows7-x64

1

EA DLC Unl...on.dll

windows10-2004-x64

1

EA DLC Unl...up.bat

windows7-x64

1

EA DLC Unl...up.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2023, 21:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EA DLC Unlocker v2/setup.bat

  • Size

    10KB

  • MD5

    92ea995333b458436f2a83aa716e6cbf

  • SHA1

    2d8c70a13ac9e0ae29ada8f44466e3b1e973407d

  • SHA256

    158a9f0803ce96524b976d23e27dfe8acb500697cc4921d223e508b23a9f082b

  • SHA512

    5e243753c5d5d4deed6d8ad5f5d9027c2ef95a5ebba94d1cad5166a3d6d4a7c8b712845630e2a0104f0d05a72db30e722ac7bdbffa09bd8ac4f3892bf3801b22

  • SSDEEP

    96:yHMTV0x7udEaavoQ5cyHDmmPEayM6tVEtrBK5ZQ2hvs4kaDZtDF55Jl77ImO:ysixaM15cr4EhLEr4ZDVJ2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\EA DLC Unlocker v2\setup.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo marco "
      2⤵
        PID:1628
      • C:\Windows\system32\findstr.exe
        findstr /C:"polo"
        2⤵
          PID:1976
        • C:\Windows\system32\findstr.exe
          findstr /V /C:"polo"
          2⤵
            PID:880
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /S /D /c" echo marco "
            2⤵
              PID:1616
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\EA DLC Unlocker v2\" "
              2⤵
                PID:1340
              • C:\Windows\system32\findstr.exe
                findstr /V /C:"C:\Users\Admin\AppData\Local\Temp"
                2⤵
                  PID:1908

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads