Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

fun.bat

windows10-1703-x64

1

fun.bat

windows11-21h2-x64

1

Analysis

  • max time kernel
    1478s
  • max time network
    1492s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06/06/2024, 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fun.bat

  • Size

    265B

  • MD5

    72f77463285e6b7a746ad399225f4531

  • SHA1

    e775ca674e0a9c2629605bd10cf07a891563f63e

  • SHA256

    c7ccce16852b76e0624ea78fcb03fc116c2f6df777782ea73bfd0651464ef6fa

  • SHA512

    8a9bd7c1dd58d50b9b6807a1d031089d42c19527d5cb41cc30e4d515905395eff2bbe78ef736bb77eae121b4bed77f4e1aa86dd832dff1d656465065ba729c86

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 8 IoCs
  • Views/modifies file attributes 1 TTPs 4 IoCs
    evasion

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\fun.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h C:\autoexec.bat
      2⤵
      • Views/modifies file attributes
      PID:5036
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h C:\boot.ini
      2⤵
      • Views/modifies file attributes
      PID:3052
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h C:\ntldr
      2⤵
      • Views/modifies file attributes
      PID:752
    • C:\Windows\system32\attrib.exe
      attrib -r -s -h C:\window\win.ini
      2⤵
      • Views/modifies file attributes
      PID:4344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads