Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

dtr.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    7s
  • max time network
    17s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/05/2024, 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dtr.bat

  • Size

    3KB

  • MD5

    bfcc06085ce5bb05eb5250b2c905e1c2

  • SHA1

    05b728dd94ed017f6ec29ac5db6264173ea34ff6

  • SHA256

    defa03b6c791995c99e687ebfeab292946184fe80daa9087ef98d9d9f1bfbf1c

  • SHA512

    1abc62c643349a1e98c40279d32edb9ff9cbc9921e09e2dbd9c501b50e41a8456b7d72d47fd1681d2f893ff21c10663bc073d846eb7631b679a04663e0bed372

Score
1/10

Malware Config

Signatures

  • Modifies data under HKEY_USERS 15 IoCs
  • Runs net.exe
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\dtr.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3488
    • C:\Windows\system32\shutdown.exe
      shutdown -s -t 00 -c "Dont trust randoms"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:336
    • C:\Windows\system32\net.exe
      net user Admin *
      2⤵
        PID:4268
        • C:\Windows\system32\net1.exe
          C:\Windows\system32\net1 user Admin *
          3⤵
            PID:3004
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x4 /state0:0xa39f8055 /state1:0x41c64e6d
        1⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of SetWindowsHookEx
        PID:2732

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads