
Analysis

  • max time kernel: 120s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20231129-en
  • resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted: 24/12/2023, 17:54

General

  • Target: copy.cmd
  • Size: 1KB
  • MD5: 505cb6fccd0e15d878b8dcbac64ad4d5
  • SHA1: 9b49f5035dd7855646d94bd38cb500805f7829e4
  • SHA256: c4b7e33e97a94a80aea645e8f8601cb3db420bc5a7f828abb93054c2f69341f2
  • SHA512: bc5b17105fbbbaa3af7a8eb0708d379a3206eae93391939584503096a7e8eb260dacb75efe7b82d19fac4c4c2921cc9df36269977cd840c1208905ed08e7771c

Score: 8/10

Signatures

  • Sets file to hidden (1 TTP, 6 IoCs)
    Modifies file attributes to stop it showing in Explorer etc.
  • Drops file in Program Files directory (17 IoCs)
  • Drops file in Windows directory (4 IoCs)
  • Suspicious use of WriteProcessMemory (18 IoCs)
  • Views/modifies file attributes (1 TTP, 6 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\copy.cmd"
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID: 2348
    • C:\Windows\system32\attrib.exe
      attrib +r +h +s "C:\Program Files\WinWare\fav\fav.cmd"
      • Sets file to hidden
      • Views/modifies file attributes
      PID: 2160
    • C:\Windows\system32\attrib.exe
      attrib +r +h +s "C:\Program Files\Windows\360SE.vbs"
      • Sets file to hidden
      • Views/modifies file attributes
      PID: 2164
    • C:\Windows\system32\attrib.exe
      attrib +r +h +s "C:\Program Files\Windows\36OSE.vbs"
      • Sets file to hidden
      • Views/modifies file attributes
      PID: 2200
    • C:\Windows\system32\attrib.exe
      attrib +r +h +s "C:\Program Files\WinWare\tool.cmd"
      • Sets file to hidden
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID: 2176
    • C:\Windows\system32\attrib.exe
      attrib +r +h +s "C:\Program Files\WinWare\361.cmd"
      • Sets file to hidden
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID: 2572
    • C:\Windows\system32\attrib.exe
      attrib +r +h +s "C:\Program Files\WinWare\360.cmd"
      • Sets file to hidden
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID: 1972

Downloads

  • C:\Program Files\WinWare\360.cmd
    Filesize: 1KB
    MD5: 67240c407312315393794e9b65d1e8e5
    SHA1: 810b252670834678fdaa057b39e07985a029be7a
    SHA256: 0a29a7d11891968f5a4a6eb615e87a428d5e93c9a48908c7a1de7cf5a40acf22
    SHA512: 897bfb0b8b9ca3a315ff72b9c937aba50ddb88dd28ce3d8f156ccb01d008e566260e317364966fc3fe59a6f78017ad3924f32dd6d4b4a170550edc55b62bd3f2

  • C:\Program Files\WinWare\361.cmd
    Filesize: 567B
    MD5: feb810eaa38eb0890ad2034d322e4c79
    SHA1: a7c7ddd0bd405b949ddbffed364269d145ee78e4
    SHA256: e346f4ed81e3e7974c4a9978789fc08737abc4c7318f31d747b1ad23ce5bf800
    SHA512: f96b5e8129ab8fd4703a2e4bddf4245e9c4a64a8d69663f755386021cb8fd34a75bd0fa53b4579145bf50be2948d9ae5d0f4bdb556ae73b4cc85e6a2130f5ab9

  • C:\Program Files\WinWare\tool.cmd
    Filesize: 3KB
    MD5: d7eece295819ac643894e11ec290fc16
    SHA1: eaf976563ab1d54ddbb538846f21d80663c0482b
    SHA256: 00057dbc21e30cd983f4428934333acc1243bef2a7ae3e89ccfed37aaea35aef
    SHA512: 61602cd5b19a9f3d65c52ec8b393081949167496ec02420fe403e5ee63a3f59f29d367246af4a6ba3a6437ea46759315f6e1721fbd44f84878b548e61d261036