Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
install.bat
-
Size
568B
-
Sample
240703-22zg2aseka
-
MD5
e861a08036b9eb5f216deb58e8a7934d
-
SHA1
5f12dd049df2f88d95f205a4adc307df78ac16ee
-
SHA256
e8315164849216f4c670c13b008e063da2176efb5d08939caa321e39a33035eb
-
SHA512
7ea2fd3b085bd4b3e27d4dda36e079ec8910173cc2b33ccd06698051eb7d5f2818ed9000761d1fc44e354c06d015feb16e77958dab8a3969a0cee2fd453ca0c9
Static task
static1
Behavioral task
behavioral1
Sample
install.bat
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
install.bat
-
Size
568B
-
MD5
e861a08036b9eb5f216deb58e8a7934d
-
SHA1
5f12dd049df2f88d95f205a4adc307df78ac16ee
-
SHA256
e8315164849216f4c670c13b008e063da2176efb5d08939caa321e39a33035eb
-
SHA512
7ea2fd3b085bd4b3e27d4dda36e079ec8910173cc2b33ccd06698051eb7d5f2818ed9000761d1fc44e354c06d015feb16e77958dab8a3969a0cee2fd453ca0c9
Score8/10-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1