Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 117s
max time network: 124s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 02/08/2024, 17:02
Static task: static1
Behavioral task: behavioral1
  Sample: NOScript V1.35 Optimization Program.bat
  Resource: win7-20240704-en
  2 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: NOScript V1.35 Optimization Program.bat
  Resource: win10v2004-20240802-en
  4 signatures, 150 seconds
General
Target: NOScript V1.35 Optimization Program.bat
Size: 15KB
MD5: f72501a2238ea286b58a884955715a79
SHA1: ba9f337268e43c39a3905514cb2c63cacb4b2b93
SHA256: 2d2da6c9e5056f5297d34b136d36f0d41716431ac10b9b03914f3bc8d69dc60d
SHA512: 06fc4c62adc04502fd67f1eb93d538f394984a39b0e35c855e867ce3e5d817b4f5ffc591d57c1b1fa84b16160af082e35eb8f6782b98b11cd30e003d5d342ddf
SSDEEP: 384:F29388dPX4v4K39lSknNX9Fpa0/Lc/27YV:jI
Score: 1/10
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (40 IoCs)

description                                  pid   Process
Token: SeIncreaseQuotaPrivilege              2116  WMIC.exe
Token: SeSecurityPrivilege                   2116  WMIC.exe
Token: SeTakeOwnershipPrivilege              2116  WMIC.exe
Token: SeLoadDriverPrivilege                 2116  WMIC.exe
Token: SeSystemProfilePrivilege              2116  WMIC.exe
Token: SeSystemtimePrivilege                 2116  WMIC.exe
Token: SeProfSingleProcessPrivilege          2116  WMIC.exe
Token: SeIncBasePriorityPrivilege            2116  WMIC.exe
Token: SeCreatePagefilePrivilege             2116  WMIC.exe
Token: SeBackupPrivilege                     2116  WMIC.exe
Token: SeRestorePrivilege                    2116  WMIC.exe
Token: SeShutdownPrivilege                   2116  WMIC.exe
Token: SeDebugPrivilege                      2116  WMIC.exe
Token: SeSystemEnvironmentPrivilege          2116  WMIC.exe
Token: SeRemoteShutdownPrivilege             2116  WMIC.exe
Token: SeUndockPrivilege                     2116  WMIC.exe
Token: SeManageVolumePrivilege               2116  WMIC.exe
Token: 33                                    2116  WMIC.exe
Token: 34                                    2116  WMIC.exe
Token: 35                                    2116  WMIC.exe
Token: SeIncreaseQuotaPrivilege              2116  WMIC.exe
Token: SeSecurityPrivilege                   2116  WMIC.exe
Token: SeTakeOwnershipPrivilege              2116  WMIC.exe
Token: SeLoadDriverPrivilege                 2116  WMIC.exe
Token: SeSystemProfilePrivilege              2116  WMIC.exe
Token: SeSystemtimePrivilege                 2116  WMIC.exe
Token: SeProfSingleProcessPrivilege          2116  WMIC.exe
Token: SeIncBasePriorityPrivilege            2116  WMIC.exe
Token: SeCreatePagefilePrivilege             2116  WMIC.exe
Token: SeBackupPrivilege                     2116  WMIC.exe
Token: SeRestorePrivilege                    2116  WMIC.exe
Token: SeShutdownPrivilege                   2116  WMIC.exe
Token: SeDebugPrivilege                      2116  WMIC.exe
Token: SeSystemEnvironmentPrivilege          2116  WMIC.exe
Token: SeRemoteShutdownPrivilege             2116  WMIC.exe
Token: SeUndockPrivilege                     2116  WMIC.exe
Token: SeManageVolumePrivilege               2116  WMIC.exe
Token: 33                                    2116  WMIC.exe
Token: 34                                    2116  WMIC.exe
Token: 35                                    2116  WMIC.exe

Suspicious use of WriteProcessMemory (9 IoCs)

description                           pid   Process   procid_target
PID 1952 wrote to memory of 2292      1952  cmd.exe   31
PID 1952 wrote to memory of 2292      1952  cmd.exe   31
PID 1952 wrote to memory of 2292      1952  cmd.exe   31
PID 2292 wrote to memory of 2116      2292  cmd.exe   32
PID 2292 wrote to memory of 2116      2292  cmd.exe   32
PID 2292 wrote to memory of 2116      2292  cmd.exe   32
PID 2292 wrote to memory of 2144      2292  cmd.exe   33
PID 2292 wrote to memory of 2144      2292  cmd.exe   33
PID 2292 wrote to memory of 2144      2292  cmd.exe   33
Processes (indented by depth in the process tree)

C:\Windows\system32\cmd.exe
  command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\NOScript V1.35 Optimization Program.bat"
  PID: 1952
  Suspicious use of WriteProcessMemory

  C:\Windows\system32\cmd.exe
    command line: C:\Windows\system32\cmd.exe /c wmic nic where "NetEnabled=true" get NetConnectionID,NetEnabled /format:csv | find /i "true"
    PID: 2292
    Suspicious use of WriteProcessMemory

    C:\Windows\System32\Wbem\WMIC.exe
      command line: wmic nic where "NetEnabled=true" get NetConnectionID,NetEnabled /format:csv
      PID: 2116
      Suspicious use of AdjustPrivilegeToken

    C:\Windows\system32\find.exe
      command line: find /i "true"
      PID: 2144