Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
12s -
max time network
35s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
24/04/2024, 08:21
Static task
static1
Behavioral task
behavioral1
Sample
bsod.bat
Resource
win11-20240412-en
3 signatures
150 seconds
General
-
Target
bsod.bat
-
Size
28B
-
MD5
f78c7b6d0cdab48ae20c2af64fd90bce
-
SHA1
e78d9e2a19424b37bbc2f9128aee0b06b122bb4a
-
SHA256
d2e21f875187666536aedd0ed3cab185b35e5c3161b42cf666d96a72ffc40550
-
SHA512
246cfb2cd890d9843aa4553753ca6a52e2f43d9dc441c5539d3c8157cebd92f92e616e0f78dd4d0b82ffef1474848ff2708a68ec8161b7cfdd81319ed9895b28
Score
1/10
Malware Config
Signatures
-
Kills process with taskkill 1 IoCs
pid Process 4896 taskkill.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 4896 taskkill.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 4972 wrote to memory of 4896 4972 cmd.exe 78 PID 4972 wrote to memory of 4896 4972 cmd.exe 78
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bsod.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:4972 -
C:\Windows\system32\taskkill.exetaskkill /im csrss.exe /f /t2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4896
-