Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

cz-x1/WinRing0x64.sys

windows7-x64

1

cz-x1/WinRing0x64.sys

windows10-2004-x64

1

cz-x1/benc...0M.cmd

windows7-x64

1

cz-x1/benc...0M.cmd

windows10-2004-x64

1

cz-x1/benc...1M.cmd

windows7-x64

1

cz-x1/benc...1M.cmd

windows10-2004-x64

1

cz-x1/pool...le.cmd

windows7-x64

1

cz-x1/pool...le.cmd

windows10-2004-x64

1

cz-x1/rtm_...le.cmd

windows7-x64

1

cz-x1/rtm_...le.cmd

windows10-2004-x64

1

cz-x1/solo...le.cmd

windows7-x64

1

cz-x1/solo...le.cmd

windows10-2004-x64

1

cz-x1/start.cmd

windows7-x64

1

cz-x1/start.cmd

windows10-2004-x64

1

cz-x1/xmrig.exe

windows7-x64

1

cz-x1/xmrig.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cz-x1/benchmark_10M.cmd

  • Size

    61B

  • MD5

    5be1c4cacb5ae37c43527e99a097dc7a

  • SHA1

    1b2f00fefde9d601764d5d26d5e0fb2b9f58074c

  • SHA256

    235a64e3520b1c2c27763122b303f78aee8d7c083dfd9f1eb936cd5174383609

  • SHA512

    20a9e18bc397fe86514875af4213a02a5831a27671370849f05c2f3ba048bc29fc41ca96f0cb1cc08aaff27bbebf637f30d2ee798cb80ed03080e8c7d8f2d9a1

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\cz-x1\benchmark_10M.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:728
    • C:\Users\Admin\AppData\Local\Temp\cz-x1\xmrig.exe
      xmrig.exe --bench=10M --submit
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3792-0-0x000001ADE3C00000-0x000001ADE3C20000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3792-1-0x000001ADE3C40000-0x000001ADE3C60000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3792-2-0x000001ADE3D60000-0x000001ADE3D80000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3792-3-0x000001ADE3D80000-0x000001ADE3DA0000-memory.dmp

    Filesize

    128KB

    Download