Analysis
- max time kernel: 0s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 07/07/2024, 10:58
Static task
- static1
Behavioral tasks
- behavioral1: sample Dawa-Multitool-main.zip, resource win11-20240704-en
- behavioral2: sample Dawa-Multitool-main/Dawa-Tool.py, resource win11-20240704-en
- behavioral3: sample Dawa-Multitool-main/LICENSE, resource win11-20240704-en
- behavioral4: sample Dawa-Multitool-main/README.md, resource win11-20240704-en
- behavioral5: sample Dawa-Multitool-main/start.bat, resource win11-20240508-en
General
- Target: Dawa-Multitool-main/start.bat
- Size: 47B
- MD5: 33d20155ac8bcdaa1032fd5939e51ff6
- SHA1: 7ee6051c3b71059ef2a91b72751fb4dfadda73e7
- SHA256: 7e82e71e1514da26753f425bd584dbf3fcf2eecee1dd48e0e722396aed7e8e74
- SHA512: 89da8dba28a25acd97901be5b8d8d1727a2964035f5cb8ef57877a4fa3486547293732e55a4ef9b3ec5e04fd5154a2842f08415e73abc00444a345a04aa5fd90
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       | pid  | Process | procid_target
  PID 2152 wrote to memory of 224   | 2152 | cmd.exe | 78
  PID 2152 wrote to memory of 224   | 2152 | cmd.exe | 78
  PID 2152 wrote to memory of 224   | 2152 | cmd.exe | 78
Processes
- 1. C:\Windows\system32\cmd.exe (PID 2152)
  command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Dawa-Multitool-main\start.bat"
  - Suspicious use of WriteProcessMemory
  - 2. C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe (PID 224)
    command line: python Dawa-Tool.py