Analysis
max time kernel: 1s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 15:47
Static task
static1
Behavioral tasks (sample on resource)
behavioral1: BakerBoostApp.msi on win7-20231129-en
behavioral2: BakerBoostApp.msi on win10v2004-20231215-en
behavioral3: setup.exe on win7-20231215-en
behavioral4: setup.exe on win10v2004-20231215-en
behavioral5: Пак/Специальн. твики/1_Activator.bat on win7-20231215-en
behavioral6: Пак/Специальн. твики/1_Activator.bat on win10v2004-20231215-en
behavioral7: Пак/Специальн. твики/Network_Tweaks.bat on win7-20231215-en (the task shown in this report)
behavioral8: Пак/Специальн. твики/Network_Tweaks.bat on win10v2004-20231215-en
General
Target: Пак/Специальн. твики/Network_Tweaks.bat (directory names are Russian: "Pack/Special tweaks")
Size: 3KB
MD5: 257c9ccd5fa59498dbfcf75b07f30a73
SHA1: cd333e7847a91200d7281bc6d14f864908b1acfd
SHA256: d0a0f15415723601124794ccf93271fb5fac14b7c00c160dbddb7794968e802f
SHA512: 26ebdc68c18a3006972030e32b05b69a9d949e10a312833818749aa109065f359a5eb5346d8ffe6c99dc3fc98f55aa7d384247d3e9fd3166605bbe901e4033f7
Signatures
Suspicious use of WriteProcessMemory (39 IoCs)
All 39 events have the same writer, cmd.exe (PID 1740), the interpreter running the batch file, and every target is one of the first thirteen netsh.exe children it spawns in the process tree below (three events per child). A parent writing into a process it has just created is part of normal process start-up, so on its own this signature shows nothing beyond the batch file launching its commands; it is not evidence of injection into an unrelated process.

description                         pid   Process  procid_target  events  target command (from process tree)
PID 1740 wrote to memory of 1596    1740  cmd.exe  29             3       netsh int tcp set global autotuninglevel=disabled
PID 1740 wrote to memory of 2248    1740  cmd.exe  30             3       netsh int tcp set global ecncapability=disabled
PID 1740 wrote to memory of 2664    1740  cmd.exe  31             3       netsh int tcp set global dca=enabled
PID 1740 wrote to memory of 2772    1740  cmd.exe  32             3       netsh int tcp set global netdma=enabled
PID 1740 wrote to memory of 3040    1740  cmd.exe  33             3       netsh int tcp set global rsc=disabled
PID 1740 wrote to memory of 2364    1740  cmd.exe  34             3       netsh int tcp set global rss=enabled
PID 1740 wrote to memory of 2756    1740  cmd.exe  35             3       netsh int tcp set global timestamps=disabled
PID 1740 wrote to memory of 2968    1740  cmd.exe  36             3       netsh int tcp set global initialRto=2000
PID 1740 wrote to memory of 2728    1740  cmd.exe  37             3       netsh int tcp set global nonsackrttresiliency=disabled
PID 1740 wrote to memory of 2556    1740  cmd.exe  38             3       netsh int tcp set global maxsynretransmissions=2
PID 1740 wrote to memory of 2616    1740  cmd.exe  39             3       netsh int tcp set security mpp=disabled
PID 1740 wrote to memory of 2300    1740  cmd.exe  40             3       netsh int tcp set security profiles=disabled
PID 1740 wrote to memory of 2216    1740  cmd.exe  41             3       netsh int tcp set heuristics disabled
Processes (indented by depth in the tree; each entry is PID, image, command line)
PID 1740  C:\Windows\system32\cmd.exe  cmd /c "C:\Users\Admin\AppData\Local\Temp\Пак\Специальн. твики\Network_Tweaks.bat"  [Suspicious use of WriteProcessMemory]
  PID 1596  C:\Windows\system32\netsh.exe  netsh int tcp set global autotuninglevel=disabled
  PID 2248  C:\Windows\system32\netsh.exe  netsh int tcp set global ecncapability=disabled
  PID 2664  C:\Windows\system32\netsh.exe  netsh int tcp set global dca=enabled
  PID 2772  C:\Windows\system32\netsh.exe  netsh int tcp set global netdma=enabled
  PID 3040  C:\Windows\system32\netsh.exe  netsh int tcp set global rsc=disabled
  PID 2364  C:\Windows\system32\netsh.exe  netsh int tcp set global rss=enabled
  PID 2756  C:\Windows\system32\netsh.exe  netsh int tcp set global timestamps=disabled
  PID 2968  C:\Windows\system32\netsh.exe  netsh int tcp set global initialRto=2000
  PID 2728  C:\Windows\system32\netsh.exe  netsh int tcp set global nonsackrttresiliency=disabled
  PID 2556  C:\Windows\system32\netsh.exe  netsh int tcp set global maxsynretransmissions=2
  PID 2616  C:\Windows\system32\netsh.exe  netsh int tcp set security mpp=disabled
  PID 2300  C:\Windows\system32\netsh.exe  netsh int tcp set security profiles=disabled
  PID 2216  C:\Windows\system32\netsh.exe  netsh int tcp set heuristics disabled
  PID 2872  C:\Windows\system32\netsh.exe  netsh int ip set global neighborcachelimit=4096
  PID 2980  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  powershell -command "Set-NetTCPSetting -SettingName InternetCustom -MinRto 300"
  PID 2908  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  powershell -command "Set-NetTCPSetting -SettingName InternetCustom -InitialCongestionWindow 10"
  PID 2816  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  powershell -command "Set-NetOffloadGlobalSetting -Chimney Disabled"
  PID 488   C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "Tcp1323Opts" /t REG_DWORD /d "1" /f
  PID 1200  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock" /v "MinSockAddrLength" /t REG_DWORD /d "16" /f
  PID 2524  C:\Windows\system32\cmd.exe  C:\Windows\system32\cmd.exe /c wmic path win32_networkadapter get GUID | findstr "{"
    PID 2076  C:\Windows\system32\findstr.exe  findstr "{"
    PID 2208  C:\Windows\System32\Wbem\WMIC.exe  wmic path win32_networkadapter get GUID
  PID 1768  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v "DoNotHoldNicBuffers" /t REG_DWORD /d "1" /f
  PID 1332  C:\Windows\system32\cmd.exe  C:\Windows\system32\cmd.exe /c wmic path win32_networkadapter get GUID | findstr "{"
  PID 1104  C:\Windows\system32\cmd.exe  C:\Windows\system32\cmd.exe /c wmic path win32_networkadapter get GUID | findstr "{"
  PID 1864  C:\Windows\system32\reg.exe  reg add "HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{014DEDBE-9F72-44DF-8525-48012FE65E9F}" /v "TCPNoDelay" /t REG_DWORD /d "1" /f
  PID 1732  C:\Windows\system32\reg.exe  reg add "HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{014DEDBE-9F72-44DF-8525-48012FE65E9F}" /v "TcpDelAckTicks" /t REG_DWORD /d "0" /f
  PID 1728  C:\Windows\system32\reg.exe  reg add "HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{014DEDBE-9F72-44DF-8525-48012FE65E9F}" /v "TcpAckFrequency" /t REG_DWORD /d "1" /f
  PID 1396  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" /v "EnableAutoDoh" /t REG_DWORD /d "2" /f
  PID 1272  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "NetbtPriority" /t REG_DWORD /d "7" /f
  PID 1316  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "DnsPriority" /t REG_DWORD /d "6" /f
  PID 628   C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "HostsPriority" /t REG_DWORD /d "5" /f
  PID 1296  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider" /v "LocalPriority" /t REG_DWORD /d "4" /f
  PID 1960  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock" /v "MaxSockAddrLength" /t REG_DWORD /d "16" /f
  PID 2008  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock" /v "UseDelayedAcceptance" /t REG_DWORD /d "0" /f
  PID 1640  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "TcpTimedWaitDelay" /t REG_DWORD /d "30" /f
  PID 1048  C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "MaxUserPort" /t REG_DWORD /d "65534" /f
  PID 968   C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "SackOpts" /t REG_DWORD /d "0" /f
  PID 576   C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "TcpMaxDupAcks" /t REG_DWORD /d "2" /f
  PID 700   C:\Windows\system32\reg.exe  reg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "DefaultTTL" /t REG_DWORD /d "64" /f
PID 1680  C:\Windows\system32\findstr.exe  findstr "{"
PID 772   C:\Windows\System32\Wbem\WMIC.exe  wmic path win32_networkadapter get GUID
PID 564   C:\Windows\system32\findstr.exe  findstr "{"
PID 1488  C:\Windows\System32\Wbem\WMIC.exe  wmic path win32_networkadapter get GUID

Notes on reading this run:
- Everything the batch does is TCP/IP, Winsock, AFD and name-resolution tuning through netsh, reg add and PowerShell; the tree shows no dropped files, no persistence and no network activity of its own.
- The three powershell.exe commands (PIDs 2980, 2908, 2816) use Set-NetTCPSetting and Set-NetOffloadGlobalSetting, cmdlets from the NetTCPIP module that ships with Windows 8 / Server 2012 and later. They do not exist on Windows 7, so on this win7 task they cannot have changed anything; their effect should be read from the win10v2004 task (behavioral8).
- The interface GUID {014DEDBE-9F72-44DF-8525-48012FE65E9F} in the three per-interface reg add commands is the result of the `wmic path win32_networkadapter get GUID | findstr "{"` enumeration run inside this VM, so it identifies the sandbox's adapter and is not an indicator to search for on other hosts.
- The four top-level findstr.exe / WMIC.exe entries at the end (PIDs 1680, 772, 564, 1488) are most likely the children of the second and third `cmd /c wmic` invocations (PIDs 1332 and 1104), which the tree shows without children; the report does not record their parent, so this is an inference.
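The two pieces of this report that need the most reading are the run-together process-tree lines (image, command line, depth digit and PID fused into one string, so that `initialRto=2000` at depth 2 prints as `initialRto=20002`) and the WriteProcessMemory signature, whose 39 events collapse to thirteen parent-to-child spawns. The following Python is an added example, not part of the tria.ge report or its tooling: it parses both formats into records, recovers each process's parent from the depth digit, and then separates memory writes by a parent into its own freshly spawned child (ordinary process start-up) from writes into any other process, which is the case that would actually merit the "suspicious" label. The splitting rules are assumptions about the extracted layout: the image path ends at the first `.exe`, and the depth is the single digit immediately before the ⤵ glyph. The sample lines are copied from the tree above, except that the root line is constructed to carry its PID inline (the page prints it on the following line), and the signature text is truncated to the first three children.

```python
"""Parse the run-together process tree and the WriteProcessMemory signature
from a Triage report into structured records, then check whether every
memory write is a parent writing into a process it has just spawned."""
import re
from collections import Counter

# Lines copied from the process tree above, in the extraction's run-together
# form "<image><command line><depth>⤵PID:<pid>". The root line is constructed
# so that its PID sits inline; on the page it appears on the next line.
TREE_LINES = [
    r'C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Пак\Специальн. твики\Network_Tweaks.bat"1⤵PID:1740',
    r'C:\Windows\system32\netsh.exenetsh int tcp set global autotuninglevel=disabled2⤵PID:1596',
    r'C:\Windows\system32\netsh.exenetsh int tcp set global ecncapability=disabled2⤵PID:2248',
    r'C:\Windows\system32\netsh.exenetsh int tcp set global initialRto=20002⤵PID:2968',
    r'C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "Tcp1323Opts" /t REG_DWORD /d "1" /f2⤵PID:488',
    r'C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic path win32_networkadapter get GUID | findstr "{"2⤵PID:2524',
    r'C:\Windows\system32\findstr.exefindstr "{"3⤵PID:2076',
    r'C:\Windows\System32\Wbem\WMIC.exewmic path win32_networkadapter get GUID3⤵PID:2208',
    r'C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "DefaultTTL" /t REG_DWORD /d "64" /f2⤵PID:700',
    r'C:\Windows\system32\findstr.exefindstr "{"1⤵PID:1680',
]

# Signature text copied from "Suspicious use of WriteProcessMemory" above,
# truncated to the first three child processes (9 of the 39 events); the
# page repeats each triple verbatim, hence the "* 3".
SIGNATURE_TEXT = (
    "PID 1740 wrote to memory of 1596 1740 cmd.exe 29 " * 3
    + "PID 1740 wrote to memory of 2248 1740 cmd.exe 30 " * 3
    + "PID 1740 wrote to memory of 2968 1740 cmd.exe 36 " * 3
)

# Assumed layout: image path ends at the first ".exe"; depth is the single
# digit right before the ⤵ glyph, which disambiguates "...=2000" + "2".
LINE_RE = re.compile(r'^(?P<image>.+?\.exe)(?P<cmd>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)$')
SIG_RE = re.compile(r'PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) \d+ (?P<image>\S+)')
REG_RE = re.compile(r'^reg add "(?P<key>[^"]+)" /v "(?P<name>[^"]+)" /t (?P<type>\S+) /d "(?P<data>[^"]*)" /f$')
NETSH_RE = re.compile(r'^netsh int (?P<stack>tcp|ip) set (?P<scope>global|security) (?P<name>\w+)=(?P<value>\w+)$')


def parse_tree(lines):
    """One dict per process. The parent PID is recovered from the depth digit:
    a depth-n entry belongs to the most recent depth-(n-1) entry above it."""
    procs, last_at_depth = [], {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        depth, pid = int(m["depth"]), int(m["pid"])
        procs.append({
            "pid": pid,
            "ppid": last_at_depth.get(depth - 1),   # None for a root (depth 1)
            "depth": depth,
            "image": m["image"],
            "cmd": m["cmd"],
        })
        last_at_depth[depth] = pid
    return procs


def parse_signature(text):
    """Count (writer, target) pairs. The sandbox logs one event per write
    call, so a single CreateProcess appears several times for the same child."""
    return Counter((int(m["writer"]), int(m["target"])) for m in SIG_RE.finditer(text))


def classify_writes(procs, writes):
    """Split writes into parent-into-own-child (normal process start-up) and
    everything else (the only candidates for real cross-process injection)."""
    ppid = {p["pid"]: p["ppid"] for p in procs}
    spawn, other = {}, {}
    for (writer, target), n in writes.items():
        (spawn if ppid.get(target) == writer else other)[(writer, target)] = n
    return spawn, other


def registry_changes(procs):
    """(key, value name, type, data) for every 'reg add' in the tree."""
    out = []
    for p in procs:
        m = REG_RE.match(p["cmd"])
        if m:
            out.append((m["key"], m["name"], m["type"], m["data"]))
    return out


def netsh_changes(procs):
    """(stack, scope, parameter, value) for every 'netsh int ... set x=y'."""
    out = []
    for p in procs:
        m = NETSH_RE.match(p["cmd"])
        if m:
            out.append((m["stack"], m["scope"], m["name"], m["value"]))
    return out


if __name__ == "__main__":
    procs = parse_tree(TREE_LINES)
    spawn, other = classify_writes(procs, parse_signature(SIGNATURE_TEXT))
    print(f"{sum(spawn.values())} write events = {len(spawn)} child spawns; "
          f"{len(other)} writer/target pairs are not parent-to-child")
    for change in registry_changes(procs) + netsh_changes(procs):
        print(change)
```

Run on the full signature and tree from this report, `classify_writes` returns thirteen spawn pairs of three events each and an empty `other`; a non-empty `other` is the condition worth alerting on. The `registry_changes` output is the list of keys and values to compare against a baseline host, after discarding the per-interface entries whose GUID is specific to the analysis VM.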