Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

file.bat

windows7-x64

10

file.bat

windows10-2004-x64

10

Resubmissions

20/08/2023, 21:19 UTC

230820-z6hzqsbb31 1

18/08/2023, 14:29 UTC

230818-rtpyhsca8s 10

Analysis

  • max time kernel
    59s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2023, 14:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.bat

  • Size

    53B

  • MD5

    b6fd5928246a15c4f4f41bbe0e9f6580

  • SHA1

    dc91b7626c6edc9cf56c21bf989e688331d2ff72

  • SHA256

    66d933492b04817c8407992676f09e3c7451c93b6902616b738153d3d41bc6a2

  • SHA512

    f5a15a8b4568f2cb3641be8ad9cf071584365cd52b93ca8efbb24daed3b26c43e4272606c9607a3647628d707537f6a6b62908dc601f4ecd0cec1072f4f5fbb9

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 16 IoCs
    evasion
  • Modifies security service 2 TTPs 8 IoCs
    evasion
  • Registers new Print Monitor 2 TTPs 13 IoCs
    persistence
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\file.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Windows\system32\reg.exe
      reg delete HKEY_LOCAL_MACHINE\system
      2⤵
      • Modifies firewall policy service
      • Modifies security service
      • Registers new Print Monitor
      PID:4060

Network

  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.