Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Discord_Ni...or.zip

windows7-x64

1

Discord_Ni...or.zip

windows10-2004-x64

1

Discord Ni...gen.py

windows7-x64

3

Discord Ni...gen.py

windows10-2004-x64

3

Discord Ni...os.txt

windows7-x64

1

Discord Ni...os.txt

windows10-2004-x64

1

Discord Ni...es.txt

windows7-x64

1

Discord Ni...es.txt

windows10-2004-x64

1

Discord Ni...ts.txt

windows7-x64

1

Discord Ni...ts.txt

windows10-2004-x64

1

Discord Ni...rt.bat

windows7-x64

1

Discord Ni...rt.bat

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Discord Nitro Generator/start.bat

  • Size

    55B

  • MD5

    b81d7791fc1ff12b1ebabae9a1d2bfdc

  • SHA1

    9b4d3e660ea56671ce100db01c02eaa11bf97347

  • SHA256

    2718a599b6149f9bd4313815fa2e69c2d4c07b9642b3195fdf9fd84acb1d7f97

  • SHA512

    1306699d9a5acf1da21e5ab4bdd223d74451d3513571291cce2e5f446f6596c6d1afd3db7acca3360bfaaf719041a202a562e89ee954a6469134894e0c71ccf2

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Discord Nitro Generator\start.bat"
    1⤵
      PID:2164
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe"
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2488

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2488-0-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2488-1-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2488-2-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download