Overview
overview: score 7
Static
static: score 1
Behavioral tasks (sample, platform, score)
brave.bat, windows7-x64, 1
brave.bat, windows10-2004-x64, 1
brave.ps1, windows7-x64, 1
brave.ps1, windows10-2004-x64, 1
brave.vbs, windows7-x64, 3
brave.vbs, windows10-2004-x64, 7
notepad.bat, windows7-x64, 1
notepad.bat, windows10-2004-x64, 1
notepad.ps1, windows7-x64, 1
notepad.ps1, windows10-2004-x64, 1
notepad.vbs, windows7-x64, 3
notepad.vbs, windows10-2004-x64, 7
Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 27/11/2023, 11:16
Static task: static1
Behavioral task: behavioral1, Sample: brave.bat, Resource: win7-20231023-en
Behavioral task: behavioral2, Sample: brave.bat, Resource: win10v2004-20231023-en
Behavioral task: behavioral3, Sample: brave.ps1, Resource: win7-20231020-en
Behavioral task: behavioral4, Sample: brave.ps1, Resource: win10v2004-20231023-en
Behavioral task: behavioral5, Sample: brave.vbs, Resource: win7-20231023-en
Behavioral task: behavioral6, Sample: brave.vbs, Resource: win10v2004-20231023-en
Behavioral task: behavioral7, Sample: notepad.bat, Resource: win7-20231020-en
Behavioral task: behavioral8, Sample: notepad.bat, Resource: win10v2004-20231023-en
Behavioral task: behavioral9, Sample: notepad.ps1, Resource: win7-20231025-en
Behavioral task: behavioral10, Sample: notepad.ps1, Resource: win10v2004-20231020-en
Behavioral task: behavioral11, Sample: notepad.vbs, Resource: win7-20231020-en
Behavioral task: behavioral12, Sample: notepad.vbs, Resource: win10v2004-20231023-en
General
Target: brave.bat
Size: 253B
MD5: cb4f8bad62ca4f8abaa4f756fc8eb445
SHA1: f90371d91dc50c77b226be58734905975134ea02
SHA256: c4fae8ee516d3a293d72ce274f065bde2c7098c8f067d76f0aa1dc4bbd4dde9a
SHA512: 12c8135a6544667f2d83b744fc97d148062640fdcbfcd84d9f063e34fd09404c50acf2784a861ab31c696e08276ddad75814e00164ae084b756e05090ff380e8
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid: 3052, Process: powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege, pid: 3052, Process: powershell.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 884 wrote to memory of 3052, pid: 884, Process: cmd.exe, procid_target: 29
  description: PID 884 wrote to memory of 3052, pid: 884, Process: cmd.exe, procid_target: 29
  description: PID 884 wrote to memory of 3052, pid: 884, Process: cmd.exe, procid_target: 29
Processes
C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\brave.bat"
  PID: 884
  - Suspicious use of WriteProcessMemory
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Command line: powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Public\brave.ps1"
    PID: 3052
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken