Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

骑士精�...07.dll

windows11-21h2-x64

8

骑士精�...��.bat

windows11-21h2-x64

8

Resubmissions

31/05/2024, 21:40

240531-1h99rafc28 8

31/05/2024, 18:30

240531-w5jcbshf38 8

31/05/2024, 18:28

240531-w4vc7she97 3

31/05/2024, 18:26

240531-w3l1fagf5s 8

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31/05/2024, 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    骑士精神2- 整个文件夹解压桌面打开/右键-管理员运行我 (整个文件夹解压��.bat

  • Size

    81B

  • MD5

    5c1e1296884af62064e99e38f2672ee0

  • SHA1

    a08a33184b4294bb4390f0ef52f1cdc552b715c1

  • SHA256

    b3cc11f22b8bf5db5605f2b8b5ddc2f36f7f156543e04faf9df04ccc8bbbe619

  • SHA512

    5f911dadf7d1ad48c9cc79331107ddfafe7dcabd416a3e8efbced0e16c41dac9fa4d1522c0a22ba3bf974efda2cabc41296b10a7f52d8ff08bf9794bca4cf4f2

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\骑士精神2- 整个文件夹解压桌面打开\右键-管理员运行我 (整个文件夹解压��.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\system32\rundll32.exe
      rundll32 "C:\Users\Admin\AppData\Local\Temp\骑士精神2- 整个文件夹解压桌面打开\307.1" _CSA
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4888
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32 "C:\Users\Admin\AppData\Local\Temp\骑士精神2- 整个文件夹解压桌面打开\307.1" _CSA
        3⤵
        • Blocklisted process makes network request
        PID:4900
  • C:\Windows\SysWOW64\werfault.exe
    werfault.exe /h /shared Global\0f8cf29b969c4d2fbdd482511d3e304c /t 3128 /p 4900
    1⤵
      PID:3056

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4900-0-0x0000000010000000-0x0000000013CD2000-memory.dmp

      Filesize

      60.8MB

      Download

    • memory/4900-1-0x0000000003F80000-0x0000000003FEB000-memory.dmp

      Filesize

      428KB

      Download

    • memory/4900-7-0x0000000004000000-0x0000000004001000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4900-6-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4900-5-0x0000000077074000-0x0000000077075000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4900-8-0x0000000004010000-0x0000000004011000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4900-9-0x0000000010000000-0x0000000013CD2000-memory.dmp

      Filesize

      60.8MB

      Download