Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

BlockTheSp...ot.bat

windows7-x64

1

BlockTheSp...ot.bat

windows10-2004-x64

8

BlockTheSp...ME.ps1

windows7-x64

1

BlockTheSp...ME.ps1

windows10-2004-x64

1

BlockTheSp...ll.ps1

windows7-x64

1

BlockTheSp...ll.ps1

windows10-2004-x64

1

BlockTheSp...ole.js

windows7-x64

1

BlockTheSp...ole.js

windows10-2004-x64

1

BlockTheSp...ils.js

windows7-x64

1

BlockTheSp...ils.js

windows10-2004-x64

1

BlockTheSp...bug.js

windows7-x64

1

BlockTheSp...bug.js

windows10-2004-x64

1

BlockTheSp...ify.js

windows7-x64

1

BlockTheSp...ify.js

windows10-2004-x64

1

BlockTheSp...ain.js

windows7-x64

1

BlockTheSp...ain.js

windows10-2004-x64

1

BlockTheSp...ll.bat

windows7-x64

1

BlockTheSp...ll.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 11:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BlockTheSpot-master/BlockTheSpot.bat

  • Size

    265B

  • MD5

    d2a6bb7593c8c2c054a65c6d2167197a

  • SHA1

    721bc41054dfbdac908e11881e5c1885002a8183

  • SHA256

    8b78d1071a5c9add21685f9607f42010ef8c04fd4a789a45fe8678fde6ab1d24

  • SHA512

    48fbc3ef45ec6b1fe3fd6a6d832739308bcf84c4bd7fa83b7295e054a29dda15cc0b70d93ef43906c3c9fb4194e66eab02eb8863d2a1a5646c18d7b3a52984ca

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\BlockTheSpot-master\BlockTheSpot.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "& {[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -UseBasicParsing 'https://raw.githubusercontent.com/mrpond/BlockTheSpot/master/install.ps1' | Invoke-Expression}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1716-4-0x000000001B240000-0x000000001B522000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1716-6-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1716-5-0x00000000024E0000-0x00000000024E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1716-7-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1716-8-0x00000000026B0000-0x0000000002730000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1716-9-0x00000000026B0000-0x0000000002730000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1716-10-0x00000000026B0000-0x0000000002730000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1716-11-0x00000000026B0000-0x0000000002730000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1716-12-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download