General

  • Target

    oo.eml

  • Size

    12KB

  • Sample

    240522-tc3t6agd77

  • MD5

    e09bbe46234553ec52d52790dd96e76b

  • SHA1

    7cad01f32d0b4c0c2673d0e65facf23ed287e47a

  • SHA256

    fb2266dfbcea201a7ed5f61163549238fb16dc17a8a22ceef04f5849a1d585d8

  • SHA512

    fc5dd2fcd5daf76abf74bb61ee699538c18389f29ea189a59084ec429b61ae8f1254c043745d37d69ddd016c685203258d9d8582adf2debd7257f28338055dac

  • SSDEEP

    384:Jfsxjptdh+0EakmDHWHwH6i6jvOOPnHw7SkL:CtdAYby0EOkASkL

Score
8/10

Targets

    • Target

      payment confirmation and invoices_pdf.bat

    • Size

      7KB

    • MD5

      6a0e1a60234d409a8d5c630f84b707f4

    • SHA1

      33ab80ab6ee9ff90d35ff1912090ed68f225f0cb

    • SHA256

      b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8

    • SHA512

      92b198585eddbee2d1bfd37736bbe6a1f44a5c751f2dd15cc6c10104af2bb9557990f963a15bbac4ad0e21d3066ba0cb83bc41245e46d67408e72ae5f7d9bbaf

    • SSDEEP

      96:2XOLZvaljhpoAjs3R3R75XVbOVrGTvyoidAdCgpn7wEnx/1XCzlbTX:WSZv4jhaOoHNXbqo8gSlbTX

    Score
    8/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
