Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

button-in-...on.bat

windows7-x64

1

button-in-...on.bat

windows10-2004-x64

1

button-in-...le.bat

windows7-x64

1

button-in-...le.bat

windows10-2004-x64

1

button-in-...ut.exe

windows7-x64

1

button-in-...ut.exe

windows10-2004-x64

1

button-in-...ox.exe

windows7-x64

1

button-in-...ox.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    189s
  • max time network
    217s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 17:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    button-in-batch-file-main/Example.bat

  • Size

    373B

  • MD5

    4968b79bd8673f11788794e66af14fa6

  • SHA1

    c6645af78b00e111992ea9063dff26dfa1ba8739

  • SHA256

    76cd7f00b6935ac67989e1ec9b9a988c0b2b3a99ba1718454b03ca81c424cfad

  • SHA512

    b307963c928140de46f8459e12ef1b8749e75af9f1b43a35d66e52f948ef26be18cdbf2f15f366de9efc434450a50f8f2230df2463fa647c77affe669f377394

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\button-in-batch-file-main\Example.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Windows\system32\mode.com
      Mode 48,18
      2⤵
        PID:828
      • C:\Users\Admin\AppData\Local\Temp\button-in-batch-file-main\batbox.exe
        Batbox /h 0
        2⤵
          PID:768
        • C:\Users\Admin\AppData\Local\Temp\button-in-batch-file-main\batbox.exe
          batbox /g 12 3 /a 218 /g 34 3 /a 191 /g 12 5 /a 192 /g 34 5 /a 217 /g 13 3 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 13 5 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 12 4 /a 179 /g 34 4 /a 179 /g 13 4 /d " Exemplo de botao 1 " /g 12 7 /a 218 /g 34 7 /a 191 /g 12 9 /a 192 /g 34 9 /a 217 /g 13 7 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 13 9 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 12 8 /a 179 /g 34 8 /a 179 /g 13 8 /d " Exemplo de botao 2 " /g 19 11 /a 218 /g 26 11 /a 191 /g 19 13 /a 192 /g 26 13 /a 217 /g 20 11 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 20 13 /a 196 /a 196 /a 196 /a 196 /a 196 /a 196 /g 19 12 /a 179 /g 26 12 /a 179 /g 20 12 /d " Sair "
          2⤵
            PID:4716
          • C:\Users\Admin\AppData\Local\Temp\button-in-batch-file-main\GetInput.exe
            Getinput /m 13 4 33 4 13 8 33 8 20 12 25 12 /h 70
            2⤵
              PID:1516

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/768-0-0x0000000000400000-0x0000000000402000-memory.dmp

            Filesize

            8KB

            Download

          • memory/768-1-0x0000000000400000-0x0000000000402000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4716-2-0x0000000000400000-0x0000000000402000-memory.dmp

            Filesize

            8KB

            Download