Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
01/06/2023, 10:29
230601-mjktladg55 101/06/2023, 10:28
230601-mh61fadg52 101/06/2023, 10:27
230601-mhek7aeb9z 1Analysis
-
max time kernel
13s -
max time network
15s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
01/06/2023, 10:28
General
-
Target
morsáč.bat
-
Size
1KB
-
MD5
4c1d9925cce58ee333d062a3b51e010a
-
SHA1
9073d20384407b99a6a7447613392760c4b0814b
-
SHA256
67597b2f06c2fef4c71c99a3932139cc18a443efccea433255746283e3cc5a45
-
SHA512
e02599d02c879d15bf04fcb20560b2e99ff58b1c0e7be43e81ffcb3ab2f851a396778012c4b22a4bbb6911cfb91e2b965cb5714550f539017ddf6c319f638950
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 36 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:". " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:". " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:".-- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:".-- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:".-. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:".-. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c findstr /b /c:"-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\findstr.exefindstr /b /c:"-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"3⤵
-
-
-
C:\Windows\system32\findstr.exefindstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"1⤵