Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

bin/admin.bat

windows7-x64

1

bin/admin.bat

windows10-2004-x64

7

bin/instsvc.bat

windows7-x64

8

bin/instsvc.bat

windows10-2004-x64

8

bin/ping.bat

windows7-x64

1

bin/ping.bat

windows10-2004-x64

7

bin/ping.sh

ubuntu-18.04-amd64

1

bin/ping.sh

debian-9-armhf

1

bin/ping.sh

debian-9-mips

bin/ping.sh

debian-9-mipsel

bin/reset-acl.bat

windows7-x64

1

bin/reset-acl.bat

windows10-2004-x64

7

bin/reset-acl.sh

ubuntu-18.04-amd64

1

bin/reset-acl.sh

debian-9-armhf

1

bin/reset-acl.sh

debian-9-mips

bin/reset-acl.sh

debian-9-mipsel

bin/reset-pw.bat

windows7-x64

1

bin/reset-pw.bat

windows10-2004-x64

7

bin/reset-pw.sh

ubuntu-18.04-amd64

1

bin/reset-pw.sh

debian-9-armhf

1

bin/reset-pw.sh

debian-9-mips

bin/reset-pw.sh

debian-9-mipsel

bin/shutdown.bat

windows7-x64

1

bin/shutdown.bat

windows10-2004-x64

7

bin/shutdown.sh

ubuntu-18.04-amd64

1

bin/shutdown.sh

debian-9-armhf

1

bin/shutdown.sh

debian-9-mips

bin/shutdown.sh

debian-9-mipsel

bin/startup.bat

windows7-x64

1

bin/startup.bat

windows10-2004-x64

7

bin/startup.sh

ubuntu-18.04-amd64

1

bin/startup.sh

debian-9-armhf

1

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 07:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/startup.bat

  • Size

    296B

  • MD5

    2d5ead0bc17c0fe49b448b03fb7ff49c

  • SHA1

    72802803046cc748034b7723743f7a62efb9d4ae

  • SHA256

    a8c6c55c0e1b71c82c685fa9edf0b9122f9e6648a21fac9d0cc61a0f2ee1a751

  • SHA512

    639b4044d41004568df7a0475339da26dbf9d7836b6af28e49cc47e544f285d3b6cf4122e0fb47fcc4f9d3a5dc31c161284d903ca3a90d4e468f3aca059ac8f2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\bin\startup.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system32\java.exe
      java -Djava.net.preferIPv4Stack=true -Xmx768m -cp "C:\Users\Admin\AppData\Local\Temp"\nxd.jar;"C:\Users\Admin\AppData\Local\Temp"\lib\*; nxd.Main
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Windows\system32\hostname.exe
        hostname
        3⤵
          PID:2576

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\db\blacklist.lock.db
      Filesize

      103B

      MD5

      c2f9995c022caa007e934f9b89781789

      SHA1

      0a9edde8f9d9d62a8e6ec77993ee89c5efa53d2e

      SHA256

      48a7aee180272064ec127779947353228f7583426f2528490ad9c841c0af1fd3

      SHA512

      2d113e20bb45d6c283fbbdba8ccbfa615cfb8a001e59ec85ad7c07073711f72dac5b84f4f7de6a8a086714ab6a0e25d17e4847a297d726bb7e90792d5d36cc89

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\blacklist.lock.db
      Filesize

      103B

      MD5

      4d5c8ba72671c3a3a8908f7afebeb82b

      SHA1

      77ed066d2b0a7957e7fa68c7e040682c696eaed4

      SHA256

      d04ae8a952a3f85db1f7eb41f19b3af0a7a836b8098bfaa984bc4e709d1efdfd

      SHA512

      cacd175449cd8270a32fd6ffce74dfefe48f05d2599b7c23561c4c919501e6ab152d561b1616a8e1a5f93efe63c742c5b0ed8b47a4ab5bdc16f9959a443d29bb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\config.lock.db
      Filesize

      103B

      MD5

      ed373d2037be9dfd5d714505d2b08205

      SHA1

      c11d99adad418dd671e4f70bea2a028ec4b22cef

      SHA256

      0882510121564f08d875db4c5607ea82ed36b6e1132e8fbdb8cf499967ef2dc6

      SHA512

      e1a9f1febbb0aa2f6953c2e79c0a3454b26bd87d5d01893428ab7e1f65a7a6820f597ee2887e8a46961b41d03a5aa9676bf364f9ecb47f5bebe1916fbfaad710

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\config.lock.db
      Filesize

      103B

      MD5

      9925a81820e36bdeea1a8f1f9ae43e86

      SHA1

      c1d4ab4dd770c3fdf7dbc4a4faa35c5f7e6970a6

      SHA256

      0d0e7c397ba1550c83e7a3dacc71ed239cfbe20e82241800689861983d83c912

      SHA512

      53bd5a80068d873954b0ba6f8b41a9ad6850c15ff024e7c4fa71ced1155d8412cbc48593d17ab027b3ffd1ba451f52135c7b528bb2f9ab5d413ca0a0be441bd0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\config.lock.db
      Filesize

      103B

      MD5

      71d5184788a38b484f90d4271efacc57

      SHA1

      fdef39b72cf62229dca54ced20718f4fc26ee706

      SHA256

      5674a658fb7d474b05c32e413b8c372c99aaa0f5ddd39f581fd8aab98205f747

      SHA512

      4c4f2cc509062f0b30d433c7fe8582cb354ca6a2293d4acd168fd2e757245a4bb7c0d005866f942c111c0a3596e289d6beaa6b03901e9f418411a379a82543dc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\jahaslist.lock.db
      Filesize

      103B

      MD5

      7bcc5d2f18151ae22150394a706665f7

      SHA1

      34b56968a2c7c304a9165c4d723775dcddf72e51

      SHA256

      5718aab96f4fdeca339cda8d9b4a4e9ecfd03f70cd483ac7ab959bb48792914d

      SHA512

      cb5767be95c157ec53a552c9edd9752980d78b7e70382b5977cede40066af22fc43761dfb582d1b38aa6e8ba6b6a58f2d77e96af756dc8b0b46a3d88d16130b7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\jahaslist.lock.db
      Filesize

      103B

      MD5

      49e3c4c221a9d594f49b2250e6f67bfa

      SHA1

      bb71a730731577a4f8c5eed1794ce947b6194f88

      SHA256

      085ac9c7ba31d9b23d5c9d8335a28a5b9c930e715db3887a1c0636a66ecfc80a

      SHA512

      a4ba4c41c96c305ce8c20272441c49ba44ca9ea8de9c66d22240aff7125235dba17971974b8dcfb3940f2d1184d9fb21c20a5946e0159aecfed0e581da18135b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\jahaslist.lock.db
      Filesize

      103B

      MD5

      8bc0e857f702c6be4f360c62f4b5f02c

      SHA1

      36f7459770a1f67f3ef2f8e88bea5eddee01c16c

      SHA256

      69b487ec365e97590f730abef4df3bcdb62a5ab79172d311b6a02dd59d88a719

      SHA512

      756b63d046a1790d72d01b3c9667bb2ef89e5f9497018ccb4e45ec33d1108e271b76246fdc0eda478dca440dc8655eff1e5bad8fb95ba2e0b980a76edc125745

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\komcache.lock.db
      Filesize

      103B

      MD5

      f0a64c2e0766bf7331c7c7fa698bf924

      SHA1

      4606f032e013854ffe51b9ae42b50ec46e982416

      SHA256

      b9aae02b58ec589ec4808291831f8af4879394cc15baf377f0d6271adbb71769

      SHA512

      58a385a52e1ad5d46c9642fff1fa41ade5b9920c03e3e22f9b27487f3f9a61382ce8bf7dcd669367b985d48ae6f73a8cc4b8986fa848c4787cf66a242f9b207d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\komcache.lock.db
      Filesize

      103B

      MD5

      f3052b8a6957775a298c972ec998d397

      SHA1

      ba67f1ee8ed6c200172239903dcdf631aaa22138

      SHA256

      f60991e66b8a3709dbf7b516b0eb803dc430c65f288aa07c7910c8c2423a913a

      SHA512

      1430f30c0253417c7a393531d305d3a3c2d9ab4ee4dccca2ce8171d28df744b89dcf3b01d9df3df6fb24b354a6bf7b9134da7462dcb8d3f7e0d10a05ee697083

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\local.lock.db
      Filesize

      103B

      MD5

      c9151792b39e0c91da547822594f2a56

      SHA1

      69695575f3f0422e8283868d2394860f5744ebc0

      SHA256

      3de05c8ef7b3a1ba27cf55ce3a9629732e13e9fb9456f23c5e2fcbe7d0499f74

      SHA512

      9722edf5609126850d70dbd1ce1d47a146df340d7f3dad1528cfa3a3e110e5f539570654049bd1807788ca320b8ccde1ee1a3b8aab5d27195ebc8f3bc251ddd4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\local.lock.db
      Filesize

      103B

      MD5

      797a146c30ce644f5085af8de32cb00b

      SHA1

      e374c8321bf9cfadbbe3ec5fef429f25a2dca3ac

      SHA256

      93f4bd53ed2744961a92304e379b6674de19894984bc2cb85c2e71b1d706f120

      SHA512

      9c6f551a10d9993b0f4fd1b9c7d0980b8f5f74a838e43eb691fa93c7d22af1152bd7c535e9c2c0bb9360b356414df35060578b6aca516333a20c1a50fb2477d7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\local.lock.db
      Filesize

      103B

      MD5

      718f21e328623594e091bd07dfc41bfd

      SHA1

      b02920fd61daa7665615b722013fe2bf160e03d3

      SHA256

      607305a4df39c84cab146429afce73043ac6f24f851e62f4a5f767dcaecbeecb

      SHA512

      1b82748a9f802403a05224ec513938350bed51264a8540c151632725be9cf3ca767c0bd4c7d122737cd6380e0c3e3797674cd6c6bcb2b1f2428ae86060d1d9e4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\pstcache.lock.db
      Filesize

      103B

      MD5

      6046814d4c114f4f4e6cefb1be99ed4c

      SHA1

      76bb2ed570b25a22e4f411af18c29acf490e41f0

      SHA256

      c45d2f35030741b83408530ab53f255a68da280c48ef509a507af26b0684fbbb

      SHA512

      11afd3761686864a0cffc470a690c3869707ca8ebe62d1bde863cdbe070f2b19ca0a2504a5ae30792645ff0f69fbea7011fab28e3480b2a3cdd1174d7fe0e666

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\pstcache.lock.db
      Filesize

      103B

      MD5

      288b1fc593d110af1381d6b2cf95eb4c

      SHA1

      247ae320433db52ba9a3d4b4370024249f095051

      SHA256

      d729bd87f061da5752f62eeed6a03fb822bd7629d4b13970f7121cafee32088c

      SHA512

      38ddff83944615ed82c1cf8bd895375fb985c3ddc410a163eb681ee16ecf381b5e47544e1eff01276c6b256b564614121852ece1663791ea92c1dab1800e2304

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\traffic.lock.db
      Filesize

      103B

      MD5

      02efa80175609be82c6a15da39449698

      SHA1

      ee2bf7da5ecbe49b630579bfb4339476daa4d8b2

      SHA256

      602ae3fe9bbf701f3431a5fa7120b8d4975d3570c018de27fa5c92156dc628d4

      SHA512

      b652f889ce946a245e0ff89f89c7658b67af2969912f179a11ac79c9b5c7d99abe90f1385c6135779556314f91c992b3af215456f123a600c804b0efe151381d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\traffic.lock.db
      Filesize

      103B

      MD5

      e12e3e4e537a14a676878ae5a7e67028

      SHA1

      3e1f66e61a91f85f2f75690afe9743cdec10436b

      SHA256

      b8439dc5159c2ac319ab827f65af6077d9b1c6084f6a880544504999922cf371

      SHA512

      8559b2fa0d730c3640a008098d1830b0a4838de3ae7bffbcc53e42d30e751b24f4955f0ee79397042b528c41f8808d5bd4fff693090d157ba1b27e964ab8c1de

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\db\traffic.lock.db
      Filesize

      103B

      MD5

      0a496e6748856f8b4ecc566660128988

      SHA1

      62be86b44c2a8eb97f1ab8a584ed2f8eba470414

      SHA256

      745b512d0c8c3a89c37d749a2ff79e457c880bcc4b608bad0b7075e292d213e6

      SHA512

      6823bbaf4844e82e4e4ccbc899882a2cd91b7828a4df9e30290c401f054db01381e2d66c0b0e1aa55bab3c2341a5a9f96c0a19f46c296700f7399c0fc777bcb2

      Download Submit

    • memory/1820-198-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-54-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-201-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-215-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-223-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-38-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-225-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-240-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-241-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-244-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-2-0x0000000002550000-0x00000000027C0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1820-205-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-24-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-130-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-15-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-384-0x00000000027C0000-0x00000000027D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1820-387-0x0000000002550000-0x00000000027C0000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/1820-388-0x00000000027D0000-0x00000000027E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1820-570-0x00000000027E0000-0x00000000027F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1820-116-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-745-0x00000000027C0000-0x00000000027D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1820-758-0x00000000027D0000-0x00000000027E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1820-771-0x00000000027E0000-0x00000000027F0000-memory.dmp

      Filesize

      64KB

      Download