Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 17:02

General

  • Target

    NOScript V1.35 Optimization Program.bat

  • Size

    15KB

  • MD5

    f72501a2238ea286b58a884955715a79

  • SHA1

    ba9f337268e43c39a3905514cb2c63cacb4b2b93

  • SHA256

    2d2da6c9e5056f5297d34b136d36f0d41716431ac10b9b03914f3bc8d69dc60d

  • SHA512

    06fc4c62adc04502fd67f1eb93d538f394984a39b0e35c855e867ce3e5d817b4f5ffc591d57c1b1fa84b16160af082e35eb8f6782b98b11cd30e003d5d342ddf

  • SSDEEP

    384:F29388dPX4v4K39lSknNX9Fpa0/Lc/27YV:jI

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\NOScript V1.35 Optimization Program.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c wmic nic where "NetEnabled=true" get NetConnectionID,NetEnabled /format:csv | find /i "true"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2292
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic nic where "NetEnabled=true" get NetConnectionID,NetEnabled /format:csv
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2116
      • C:\Windows\system32\find.exe
        find /i "true"
        3⤵
          PID:2144

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads