Analysis

  • max time kernel
    12s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-de
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-de, locale:de-de, os:windows10-2004-x64, system:windows
  • submitted
    11/06/2024, 13:46

General

  • Target

    openme.bat

  • Size

    326B

  • MD5

    5ab86b50aaddbad77b01b8b668d900a6

  • SHA1

    0129aca08869025ceabd4da4dfb13518df54d404

  • SHA256

    4594c6e547aabd5ab3270b885bd36052f0fb3640573e46438d349f0fef32eb95

  • SHA512

    edb4a3d4910dc2f0d1542420457473e56fc856c77f27c47c7ec5c45f2df751bed7ba9906abd8aadaa5262e103d394730fad987840f61a55e724299f47a26b07d

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\openme.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5000
    • C:\Windows\system32\PING.EXE
      ping 127.0.0.1 -n 4
      2⤵
      • Runs ping.exe
      PID:2416
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hi.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:5048

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Desktop\hi.txt

    Filesize

    9B

    MD5

    52c3dad674f1ef14670bddaf7ecf48d3

    SHA1

    935f8d37299dbc2a81d5689ab7659ad518d6136b

    SHA256

    d5b2769b22fab184b372c912bb2e6f96bb932f80230ffbc0f7c8e6782eeccdba

    SHA512

    82613669a2b1d63173dbbe2033af2c1bfc844c2ea890fcd5caca3c02166c8c80cc8e17a342f06f8d86c1771794ab3fd909601a9564c96acf7bbf855a6f1275f4