Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Cleaners/a...er.exe

windows7-x64

9

Cleaners/a...er.exe

windows10-2004-x64

9

Cleaners/a...rm.exe

windows7-x64

7

Cleaners/a...rm.exe

windows10-2004-x64

7

Cleaners/clean1.bat

windows7-x64

7

Cleaners/clean1.bat

windows10-2004-x64

5

Cleaners/clean2.bat

windows7-x64

7

Cleaners/clean2.bat

windows10-2004-x64

4

Cleaners/clean3.bat

windows7-x64

1

Cleaners/clean3.bat

windows10-2004-x64

1

Cleaners/clean4.bat

windows7-x64

1

Cleaners/clean4.bat

windows10-2004-x64

1

Cleaners/clean5.bat

windows7-x64

7

Cleaners/clean5.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cleaners/clean4.bat

  • Size

    853KB

  • MD5

    d4c34b33b42ce1a0aa1227fa3a768124

  • SHA1

    796606e45d27fd332c6143f6f09cef3c8a522493

  • SHA256

    d2f5b505cd5a6baaabb9d1f51f6b5800139034db44e220f83b44cd66b3197b38

  • SHA512

    33ffd3944bfe182cfcd9f40bb73af997db37692f6a769953e931af24acbebaa2a698254860fc2095cd507d84a2437907016cc8d1bd3614cf6899f6428ef86ff1

  • SSDEEP

    6144:5tJVSIIgunYMX7GmOgDsMrODuUpW/kBkOR1:X6IIgunYMKmOgDsMrODuUpW/kBkOR1

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 11 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Cleaners\clean4.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im epicgameslauncher.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2240
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2320
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2848
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2992
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteLauncher.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2348
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im UnrealCEFSubProcess.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2856
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im CEFProcess.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2884
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im EasyAntiCheat.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2652
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im BEService.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2364
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im BEServices.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2732
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im BattleEye.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads