General
- Target: frdddd.bat
- Size: 255B
- Sample: 240726-wde6lathkk
- MD5: 7cfc0e137d5d8b7f808add077083360b
- SHA1: af7b34d385fdfcb6c1e0b37ce3908dcc437f3da9
- SHA256: 596217a3228f37bd8ac0ea92db6fc1b9fab378b96aea86ecd72e822809d948c5
- SHA512: 9b02fec89d4dfe4982a824c6b2f3c345c670285718e04c81d0e39e463e9d8f366fff04d892aea6464ef6a644c791aa86429c67e1411bfba6935385f047098ae0
Static task
- static1
Behavioral task
- behavioral1: sample frdddd.bat, resource win10-20240404-en
- behavioral2: sample frdddd.bat, resource win10v2004-20240709-en
- behavioral3: sample frdddd.bat, resource win11-20240709-en
Malware Config
Targets
- Target: frdddd.bat
- Size: 255B
- MD5: 7cfc0e137d5d8b7f808add077083360b
- SHA1: af7b34d385fdfcb6c1e0b37ce3908dcc437f3da9
- SHA256: 596217a3228f37bd8ac0ea92db6fc1b9fab378b96aea86ecd72e822809d948c5
- SHA512: 9b02fec89d4dfe4982a824c6b2f3c345c670285718e04c81d0e39e463e9d8f366fff04d892aea6464ef6a644c791aa86429c67e1411bfba6935385f047098ae0
Signatures
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to or copy of a web browser credential store.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Event Triggered Execution: 1
- Netsh Helper DLL: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Event Triggered Execution: 1
- Netsh Helper DLL: 1
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1
Discovery
- Browser Information Discovery: 1
- Peripheral Device Discovery: 1
- Process Discovery: 1
- Query Registry: 2
- Remote System Discovery: 1
- System Information Discovery: 3
- System Location Discovery: 1
- System Language Discovery: 1
- System Network Configuration Discovery: 2
- Internet Connection Discovery: 1
- Wi-Fi Discovery: 1