Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    33s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 18:52

Errors

Reason
Machine shutdown

General

  • Target

    pcKill.bat

  • Size

    352B

  • MD5

    41a963b08e8d643bf59a11491ff54b89

  • SHA1

    a196bfa5e60eb75e484c6699cca2f38e5aeb17b2

  • SHA256

    bc32c45844e9b6b9ce238f7887fa93f2600a9201542d369b7265766b37482be9

  • SHA512

    6f91ad42f2f84b33676a3840e6a555022baa708afc40bb7a94947e4736df116f511008d265e12e99e1d24fffacac94e8058a46eccd2310ced60c22ab99da7a1b

Score
9/10

Malware Config

Signatures

  • Modifies boot configuration data using bcdedit 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\pcKill.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2240
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic os get TotalVisibleMemorySize
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3964
    • C:\Windows\system32\bcdedit.exe
      bcdedit.exe /set removememory 4193744
      2⤵
      • Modifies boot configuration data using bcdedit
      PID:3336
    • C:\Windows\system32\shutdown.exe
      shutdown /r
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:456
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa394b055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:3620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads