Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

骑士精�...07.dll

windows11-21h2-x64

8

骑士精�...��.bat

windows11-21h2-x64

8

Resubmissions

31/05/2024, 21:40

240531-1h99rafc28 8

31/05/2024, 18:30

240531-w5jcbshf38 8

31/05/2024, 18:28

240531-w4vc7she97 3

31/05/2024, 18:26

240531-w3l1fagf5s 8

Analysis

  • max time kernel
    91s
  • max time network
    93s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31/05/2024, 18:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    骑士精神2- 整个文件夹解压桌面打开/右键-管理员运行我 (整个文件夹解压��.bat

  • Size

    81B

  • MD5

    5c1e1296884af62064e99e38f2672ee0

  • SHA1

    a08a33184b4294bb4390f0ef52f1cdc552b715c1

  • SHA256

    b3cc11f22b8bf5db5605f2b8b5ddc2f36f7f156543e04faf9df04ccc8bbbe619

  • SHA512

    5f911dadf7d1ad48c9cc79331107ddfafe7dcabd416a3e8efbced0e16c41dac9fa4d1522c0a22ba3bf974efda2cabc41296b10a7f52d8ff08bf9794bca4cf4f2

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\骑士精神2- 整个文件夹解压桌面打开\右键-管理员运行我 (整个文件夹解压��.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\Windows\system32\rundll32.exe
      rundll32 "C:\Users\Admin\AppData\Local\Temp\骑士精神2- 整个文件夹解压桌面打开\307.1" _CSA
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32 "C:\Users\Admin\AppData\Local\Temp\骑士精神2- 整个文件夹解压桌面打开\307.1" _CSA
        3⤵
        • Blocklisted process makes network request
        PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1044-0-0x0000000010000000-0x0000000013CD2000-memory.dmp

    Filesize

    60.8MB

    Download

  • memory/1044-1-0x0000000004430000-0x000000000449B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1044-7-0x00000000044B0000-0x00000000044B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-6-0x00000000044A0000-0x00000000044A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-5-0x0000000077AC4000-0x0000000077AC5000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-8-0x00000000044C0000-0x00000000044C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-9-0x0000000010000000-0x0000000013CD2000-memory.dmp

    Filesize

    60.8MB

    Download