Resubmissions

09/07/2024, 21:37

240709-1gkbyaxckm 1

09/07/2024, 21:34

240709-1e8lrayeme 1

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/07/2024, 21:37

General

  • Target

    install.bat

  • Size

    238B

  • MD5

    86bc47c736e81a0b0176cc65ff0de903

  • SHA1

    6580b5de609059efa970585d372c5b2e73d2aa47

  • SHA256

    79ff8372f4baff9cb14e90b6110e9a28df56b3b5c858c1cb1c692ad3eda0cb55

  • SHA512

    bdb94d9b5ed262370b161ddefc974930728835d8edfa5242cbd99de4b16592a426f8411d18bd2bf1b574a33b1216935d2faefcfdd685041bd5c77e079258cc3b

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\install.bat # installs fnm (Fast Node Manager) winget install Schniz.fnm # download and install Node.js fnm use --install-if-missing 22 # verifies the right Node.js version is in the environment node -v # should print `v22.4.1` # verifies the right NPM version is in the environment npm -v # should print `10.8.1`
    1⤵
    PID:2052
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta1b79fb9h48dch4bfch856eh4edd815cb95f
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffb1d0c46f8,0x7ffb1d0c4708,0x7ffb1d0c4718
      2⤵
      PID:852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7273612573955924984,4327967994414222812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
      2⤵
      PID:3320
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7273612573955924984,4327967994414222812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7273612573955924984,4327967994414222812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
      2⤵
      PID:1628
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1664
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4804

Network

MITRE ATT&CK Matrix
Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize
    152B
    MD5
    b28ef7d9f6d74f055cc49876767c886c
    SHA1
    d6b3267f36c340979f8fc3e012fdd02c468740bf
    SHA256
    fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
    SHA512
    491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize
    61B
    MD5
    4df4574bfbb7e0b0bc56c2c9b12b6c47
    SHA1
    81efcbd3e3da8221444a21f45305af6fa4b71907
    SHA256
    e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
    SHA512
    78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize
    5KB
    MD5
    2e6d5f8f2c7c6eb323d043ffcfd6b37c
    SHA1
    1839571238b6c04b34235e150f595fcf5fd82b3a
    SHA256
    1c3a70125e36259cfb7f68ff6cd2648392e8e21030f7e6db27d026e03e46e16e
    SHA512
    a567dac102be494f3ec79df38c5fb39f299c461355563541c1346badfa84cf8ed7a3dce1a12de924bb99d66a6839618aedaec7f888aa1fe15905448d0dd87b4e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize
    8KB
    MD5
    df5c07bd25152dafe50ed1c7e6418c11
    SHA1
    c75170c1df60e3da1178166c51b92ff64f9c7263
    SHA256
    fe12414f69ff06b21ff9444f41f90cba97897eb3532178b6d69a74f64998bc8a
    SHA512
    bdd406aafae3c2f441c91cf31df7ee9a2911c2247182e1567dfa5aa4cfc3a3408465ee3a8bf52ea062fd9cf9fa995f0af60f54c33039936722ad79b1fcf518ce