Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

9dac4644bc...118.7z

windows7-x64

3

9dac4644bc...118.7z

windows10-2004-x64

3

kernel-baffin.bin

ubuntu-18.04-amd64

kernel-baffin.bin

debian-9-armhf

kernel-baffin.bin

debian-9-mips

kernel-baffin.bin

debian-9-mipsel

kernel-ellesmere.bin

ubuntu-18.04-amd64

kernel-ellesmere.bin

debian-9-armhf

kernel-ellesmere.bin

debian-9-mips

kernel-ellesmere.bin

debian-9-mipsel

kernel-fiji.bin

ubuntu-18.04-amd64

kernel-fiji.bin

debian-9-armhf

kernel-fiji.bin

debian-9-mips

kernel-fiji.bin

debian-9-mipsel

kernel-gfx900.bin

ubuntu-18.04-amd64

kernel-gfx900.bin

debian-9-armhf

kernel-gfx900.bin

debian-9-mips

kernel-gfx900.bin

debian-9-mipsel

kernel-tonga.bin

ubuntu-18.04-amd64

kernel-tonga.bin

debian-9-armhf

kernel-tonga.bin

debian-9-mips

kernel-tonga.bin

debian-9-mipsel

start.bat

windows7-x64

1

start.bat

windows10-2004-x64

1

wildrig.exe

windows7-x64

1

wildrig.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    start.bat

  • Size

    293B

  • MD5

    be680fad4dc8489156ff4de4840debb3

  • SHA1

    036291ed70acf301d818fe67006b0ba79a316d5c

  • SHA256

    10ebe45a2c765ab62585acc7b6c854b7870d74cfd884e7a3ca445ba0e42365bb

  • SHA512

    4703b6dfc9950608e17902e750f1fd9b98537142d7ef239531d1e9c00fbb1e3fa33d974177d4d0db895f6cd0943433cdda7e88926e333159bed309cef17042e5

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 31 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\start.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
      wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
      2⤵
        PID:2196
      • C:\Windows\system32\timeout.exe
        timeout /t 5
        2⤵
        • Delays execution with timeout.exe
        PID:2912
      • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
        wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
        2⤵
          PID:2980
        • C:\Windows\system32\timeout.exe
          timeout /t 5
          2⤵
          • Delays execution with timeout.exe
          PID:1916
        • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
          wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
          2⤵
            PID:2608
          • C:\Windows\system32\timeout.exe
            timeout /t 5
            2⤵
            • Delays execution with timeout.exe
            PID:2612
          • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
            wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
            2⤵
              PID:2768
            • C:\Windows\system32\timeout.exe
              timeout /t 5
              2⤵
              • Delays execution with timeout.exe
              PID:2560
            • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
              wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
              2⤵
                PID:2652
              • C:\Windows\system32\timeout.exe
                timeout /t 5
                2⤵
                • Delays execution with timeout.exe
                PID:2588
              • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                2⤵
                  PID:2524
                • C:\Windows\system32\timeout.exe
                  timeout /t 5
                  2⤵
                  • Delays execution with timeout.exe
                  PID:2680
                • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                  2⤵
                    PID:2432
                  • C:\Windows\system32\timeout.exe
                    timeout /t 5
                    2⤵
                    • Delays execution with timeout.exe
                    PID:2508
                  • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                    wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                    2⤵
                      PID:2572
                    • C:\Windows\system32\timeout.exe
                      timeout /t 5
                      2⤵
                      • Delays execution with timeout.exe
                      PID:2520
                    • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                      wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                      2⤵
                        PID:2404
                      • C:\Windows\system32\timeout.exe
                        timeout /t 5
                        2⤵
                        • Delays execution with timeout.exe
                        PID:2424
                      • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                        wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                        2⤵
                          PID:2480
                        • C:\Windows\system32\timeout.exe
                          timeout /t 5
                          2⤵
                          • Delays execution with timeout.exe
                          PID:2528
                        • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                          wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                          2⤵
                            PID:628
                          • C:\Windows\system32\timeout.exe
                            timeout /t 5
                            2⤵
                            • Delays execution with timeout.exe
                            PID:2124
                          • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                            wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                            2⤵
                              PID:1360
                            • C:\Windows\system32\timeout.exe
                              timeout /t 5
                              2⤵
                              • Delays execution with timeout.exe
                              PID:1324
                            • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                              wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                              2⤵
                                PID:2692
                              • C:\Windows\system32\timeout.exe
                                timeout /t 5
                                2⤵
                                • Delays execution with timeout.exe
                                PID:496
                              • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                2⤵
                                  PID:1588
                                • C:\Windows\system32\timeout.exe
                                  timeout /t 5
                                  2⤵
                                  • Delays execution with timeout.exe
                                  PID:280
                                • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                  2⤵
                                    PID:2172
                                  • C:\Windows\system32\timeout.exe
                                    timeout /t 5
                                    2⤵
                                    • Delays execution with timeout.exe
                                    PID:1288
                                  • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                    wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                    2⤵
                                      PID:2324
                                    • C:\Windows\system32\timeout.exe
                                      timeout /t 5
                                      2⤵
                                      • Delays execution with timeout.exe
                                      PID:1612
                                    • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                      wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                      2⤵
                                        PID:1572
                                      • C:\Windows\system32\timeout.exe
                                        timeout /t 5
                                        2⤵
                                        • Delays execution with timeout.exe
                                        PID:1528
                                      • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                        wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                        2⤵
                                          PID:1564
                                        • C:\Windows\system32\timeout.exe
                                          timeout /t 5
                                          2⤵
                                          • Delays execution with timeout.exe
                                          PID:2288
                                        • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                          wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                          2⤵
                                            PID:1796
                                          • C:\Windows\system32\timeout.exe
                                            timeout /t 5
                                            2⤵
                                            • Delays execution with timeout.exe
                                            PID:2308
                                          • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                            wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                            2⤵
                                              PID:2036
                                            • C:\Windows\system32\timeout.exe
                                              timeout /t 5
                                              2⤵
                                              • Delays execution with timeout.exe
                                              PID:1176
                                            • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                              wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                              2⤵
                                                PID:2024
                                              • C:\Windows\system32\timeout.exe
                                                timeout /t 5
                                                2⤵
                                                • Delays execution with timeout.exe
                                                PID:2016
                                              • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                2⤵
                                                  PID:2084
                                                • C:\Windows\system32\timeout.exe
                                                  timeout /t 5
                                                  2⤵
                                                  • Delays execution with timeout.exe
                                                  PID:2844
                                                • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                  2⤵
                                                    PID:2728
                                                  • C:\Windows\system32\timeout.exe
                                                    timeout /t 5
                                                    2⤵
                                                    • Delays execution with timeout.exe
                                                    PID:2212
                                                  • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                    wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                    2⤵
                                                      PID:2716
                                                    • C:\Windows\system32\timeout.exe
                                                      timeout /t 5
                                                      2⤵
                                                      • Delays execution with timeout.exe
                                                      PID:2216
                                                    • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                      wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                      2⤵
                                                        PID:2224
                                                      • C:\Windows\system32\timeout.exe
                                                        timeout /t 5
                                                        2⤵
                                                        • Delays execution with timeout.exe
                                                        PID:1216
                                                      • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                        wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                        2⤵
                                                          PID:268
                                                        • C:\Windows\system32\timeout.exe
                                                          timeout /t 5
                                                          2⤵
                                                          • Delays execution with timeout.exe
                                                          PID:776
                                                        • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                          wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                          2⤵
                                                            PID:1124
                                                          • C:\Windows\system32\timeout.exe
                                                            timeout /t 5
                                                            2⤵
                                                            • Delays execution with timeout.exe
                                                            PID:1424
                                                          • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                            wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                            2⤵
                                                              PID:2780
                                                            • C:\Windows\system32\timeout.exe
                                                              timeout /t 5
                                                              2⤵
                                                              • Delays execution with timeout.exe
                                                              PID:1408
                                                            • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                              wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                              2⤵
                                                                PID:2724
                                                              • C:\Windows\system32\timeout.exe
                                                                timeout /t 5
                                                                2⤵
                                                                • Delays execution with timeout.exe
                                                                PID:840
                                                              • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                                wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                                2⤵
                                                                  PID:304
                                                                • C:\Windows\system32\timeout.exe
                                                                  timeout /t 5
                                                                  2⤵
                                                                  • Delays execution with timeout.exe
                                                                  PID:2268
                                                                • C:\Users\Admin\AppData\Local\Temp\wildrig.exe
                                                                  wildrig.exe --print-full --algo algo --opencl-threads auto --opencl-launch auto --url pool:port --user wallet --pass password
                                                                  2⤵
                                                                    PID:1468
                                                                  • C:\Windows\system32\timeout.exe
                                                                    timeout /t 5
                                                                    2⤵
                                                                    • Delays execution with timeout.exe
                                                                    PID:948

                                                                Network

                                                                MITRE ATT&CK Matrix

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads