Analysis
- max time kernel: 141s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 12:46
Behavioral task: behavioral1
- Sample: BatToExe.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: BatToExe.exe
- Resource: win10v2004-20240508-en
General
- Target: BatToExe.exe
- Size: 1.6MB
- MD5: da88bae6d39477fa8a83c0cba04207dc
- SHA1: 11892e991e615c5b8d8a6ae0796f1a38ecb31388
- SHA256: d7b14a7ca7a6acbef39017b57e6e7d477577fff2eb41215cbf535fe84e57daa2
- SHA512: bc8a2c0dea5b92358a54fd6f13d64c69c268f96f011d075ff6a47d81bcfb3ed420a9082e3d73bddf47c8dec110532a4dbb9d794411e4761f2b7d9a76ac2b3cb2
- SSDEEP: 49152:HUTsamVno337VeWgyR7NfO0xaD3UBUujknfROEjoV3ug9:HaSo7VegZfO0xaD3UBUujknZOEjoV3uy
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2892, process Bat To Exe Converter.exe
- Loads dropped DLL (1 IoCs)
  pid 2892, process Bat To Exe Converter.exe
- resource / yara_rule
  behavioral2/memory/2484-0-0x0000000000240000-0x00000000004A4000-memory.dmp: upx
  behavioral2/files/0x00070000000233cd-12.dat: upx
  behavioral2/memory/2892-14-0x0000000000400000-0x000000000060E000-memory.dmp: upx
  behavioral2/memory/2484-23-0x0000000000240000-0x00000000004A4000-memory.dmp: upx
  behavioral2/memory/2892-24-0x0000000000400000-0x000000000060E000-memory.dmp: upx
- AutoIT Executable (1 IoCs)
  AutoIT scripts compiled to PE executables.
  resource / yara_rule
  behavioral2/memory/2484-23-0x0000000000240000-0x00000000004A4000-memory.dmp: autoit_exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description / pid / process / procid_target
  PID 2484 wrote to memory of 2892 / 2484 / BatToExe.exe / 82
  PID 2484 wrote to memory of 2892 / 2484 / BatToExe.exe / 82
  PID 2484 wrote to memory of 2892 / 2484 / BatToExe.exe / 82
Processes
- C:\Users\Admin\AppData\Local\Temp\BatToExe.exe
  "C:\Users\Admin\AppData\Local\Temp\BatToExe.exe"
  PID: 2484
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Bat To Exe Converter\Bat To Exe Converter.exe
    "C:\Users\Admin\AppData\Local\Temp\Bat To Exe Converter\Bat To Exe Converter.exe"
    PID: 2892
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 399KB
- Filesize: 1002KB
- Filesize: 244B