Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

morsáč.bat

windows7-x64

1

morsáč.bat

windows10-2004-x64

1

Resubmissions

01/06/2023, 10:29

230601-mjktladg55 1

01/06/2023, 10:28

230601-mh61fadg52 1

01/06/2023, 10:27

230601-mhek7aeb9z 1

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01/06/2023, 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    morsáč.bat

  • Size

    1KB

  • MD5

    4c1d9925cce58ee333d062a3b51e010a

  • SHA1

    9073d20384407b99a6a7447613392760c4b0814b

  • SHA256

    67597b2f06c2fef4c71c99a3932139cc18a443efccea433255746283e3cc5a45

  • SHA512

    e02599d02c879d15bf04fcb20560b2e99ff58b1c0e7be43e81ffcb3ab2f851a396778012c4b22a4bbb6911cfb91e2b965cb5714550f539017ddf6c319f638950

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 54 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c findstr /b /c:". " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1420
      • C:\Windows\system32\findstr.exe
        findstr /b /c:". " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
        3⤵
          PID:316
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:908
        • C:\Windows\system32\findstr.exe
          findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
          3⤵
            PID:1312
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1320
          • C:\Windows\system32\findstr.exe
            findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
            3⤵
              PID:2016
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:1808
            • C:\Windows\system32\findstr.exe
              findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
              3⤵
                PID:1528
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c findstr /b /c:".-- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:1516
              • C:\Windows\system32\findstr.exe
                findstr /b /c:".-- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                3⤵
                  PID:276
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:916
                • C:\Windows\system32\findstr.exe
                  findstr /b /c:"--- " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                  3⤵
                    PID:1504
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c findstr /b /c:".-. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                  2⤵
                  • Suspicious use of WriteProcessMemory
                  PID:676
                  • C:\Windows\system32\findstr.exe
                    findstr /b /c:".-. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                    3⤵
                      PID:468
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                    2⤵
                    • Suspicious use of WriteProcessMemory
                    PID:972
                    • C:\Windows\system32\findstr.exe
                      findstr /b /c:".-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                      3⤵
                        PID:1632
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c findstr /b /c:"-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                      2⤵
                      • Suspicious use of WriteProcessMemory
                      PID:1088
                      • C:\Windows\system32\findstr.exe
                        findstr /b /c:"-.. " "C:\Users\Admin\AppData\Local\Temp\morsáč.bat"
                        3⤵
                          PID:1624

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads