Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

12.bat

windows7-x64

3

12.bat

windows10-2004-x64

4

Analysis

  • max time kernel
    1603s
  • max time network
    1606s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2023, 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12.bat

  • Size

    49B

  • MD5

    354ee47d9b7f0877aaecd8db36e01468

  • SHA1

    9bd07f39a7b4980f4565c6a3a47f15d783707df0

  • SHA256

    6ae2b903b9e73ecac6542c15a01cfa044c06ff575b8f86e44e03140a35bea87f

  • SHA512

    20735574ef7634039d9de979e088193eb63d0682c602d2ecaa0296b72e5636de41b53a802d6ce205fc7334c7716c4add716de87205500c0384a55a5265a653f7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\12.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Xhackerprog/XWorm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:980 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:324

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    13d79d1601edbc4cd791c8eb14ec0856

    SHA1

    434e61b1e92a5906ee086da98061dc6055adfd85

    SHA256

    b78b404568284e7a90af403b66b4930a99128f0385b8843c238278b6e3fc441f

    SHA512

    2f262e833f0551019aa04b04fa1cc1d63a4e309cd14285b6fae579983e908037ddcc0261e431bda8b4db4752b3b02e924fdfd15eb5779527f8b0f4037572717d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b416be6b2614f941ff8943a8786443b

    SHA1

    cdc2fad738c6d9bb436f795d7aa6cc8d6a5aa6a9

    SHA256

    eb8174e6df76b149fbe35a2834907d9dc2a387fa3f134da1a19126b0c025200c

    SHA512

    740b82469dd679b7320a0cb198809416e1c6526c3d1af6794c634b1071773113ab1b7ac6aa3e9d13166c275dedc9f10cd956e52a087f8629f5300369c98304ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b47be395aad364ae69f4baecb4a54e3

    SHA1

    79ec8f2760038339b3c79fbc64e493bfc1604508

    SHA256

    6add4aed1612a4fce100da13ecf2bceec8e26cc4a6cb9e5fecf0aba68d39e0c2

    SHA512

    af659f122cba7317a1d24de49c1288d51a8e5ace1a5b83b84983196fde40cebf25bba9702e70ab2d2eb08077f8e7570d38bf2ebecb3a7558e679d6fb6a70de2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bdceb0f4bf1ccbe259e791924ccd0b3d

    SHA1

    a95e14f002f747bcb48dfa457b9d728e4c36ba80

    SHA256

    1741c47653180f2686f3d8ca27184a3060561e959f343d7c21944df78c394d81

    SHA512

    2a45942412c7e054f0933833ee4a584f804feae32c2e32480a17327c08311b98320331cb68c5dd238f73ffbcb7a4777e67b7b034253d5a72a4083196ee25aa92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a54805ab3bc1c20059e28e4bd8cc2f06

    SHA1

    51d36c8886a582ad394138572a9e8368a80c3014

    SHA256

    360c8f330230579b23a1aa00509f1c3c5a276fee827b0e0e22d51d576e793aa2

    SHA512

    afc2af9c2a4c7077efac6e0d4e4e9e03e60212d22cefcac3b293c30f42ae2a8c6052daea2f6f5f036815d591bc967a46ad437178d6069761717f45294ee822b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ffbedd29ff7961db10113e85b0611ac6

    SHA1

    3167b55f272b0adee22dffa7f4a8ac719690160b

    SHA256

    2f875e037bea6e50406802950d2b80c41649078b502ad3295dec1c54d36d767c

    SHA512

    3035ed3f1a48e2ef5d9cf9dcaa81fad78467ed653940cf5605b79d8ef87496cc1004aa5d4a69f75800a7cef49de2791ccb3b6d14557991235f5d1b041c261c14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d72c5b2b8569c245b399b6bf188afbae

    SHA1

    b00850ab8132b949a77f8a3b82379fd02738e0ea

    SHA256

    eb86bcf01dfbbe55a45e950a0d6d987a3aadcda941c7470f7212f67b9d38cd74

    SHA512

    5a67b06f1428ff1b93adf6c7b7f79c15608902a40c56e4baf5b232fc4fd68696e973d7fdbd24bdc79452d246a8ad714be56ba5866ad16de88e53fbe5f2130d84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7d8e7887c05effbd583081d72049cf9

    SHA1

    f670778c4270e1cd7d2b35eaa90e59f2a3dbf51c

    SHA256

    22aba0262eb8086ef00b125936b2bacea7a105ce9797a16a1c5e9462e4a91f70

    SHA512

    c411bb7dbd9d3e8ad703a6f62243d17bd0990c1287f3c2205dd64b57c89aa0c50eb49802df2a6cb3b0732382ce35056a53a8e9f406f3afa195f65e2f7015dc88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9adc2b591e53a85220de1cda09581cec

    SHA1

    de0ed746afb404829c602dba5b00c2ed023a90a2

    SHA256

    994f2a5a4168a5ccb05a64bae4eac647bc14743df40ad958d6ff904f9e37fb4f

    SHA512

    431b3326fb40a540c2bec723288e56c3796ce40cd53b02150c50e67a0a2b4100e1102bc4947c549aa0132a329f6d5227e2f7f2ef60b87f2cea2c0d41ab6432f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCNSQOTT\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9744.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9743.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1NVTQLDD.txt
    Filesize

    607B

    MD5

    2a4dde59d3227e849e83d25842d02839

    SHA1

    f73a7573723c9a3145c4aafa50f874bf9affc8a9

    SHA256

    ca5a5c85f358fcf3d1f044bf3b38215541952598eb8f5393b8e068e57acdfd2b

    SHA512

    7b14605e5e9d00b57584a9e12043784612d3d565676c0195318ef77ad434cbbb3569e0b33057890b53642151a1c8553e3a430a83fd9144d84c0f4b9eb900189c

    Download Submit