Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 06/08/2024, 01:32 UTC
Static task: static1
Behavioral task: behavioral1 (sample: asdasd.bat, resource: win7-20240708-en, 2 signatures, 150 seconds)
Behavioral task: behavioral2 (sample: asdasd.bat, resource: win10-20240404-en, 2 signatures, 150 seconds)
Behavioral task: behavioral3 (sample: asdasd.bat, resource: win10v2004-20240802-en, 2 signatures, 150 seconds)
Behavioral task: behavioral4 (sample: asdasd.bat, resource: win11-20240802-en, 2 signatures, 150 seconds)
General
Target: asdasd.bat
Size: 193B
MD5: b96eb0cd305295b349ee8ae813e30383
SHA1: 3591aebb05d3afa000acb09b751e244f1b6c051c
SHA256: 9cd8992c88ec7509f1ced0fec83ce814b414697f16e2a29a3eb0819591065b8e
SHA512: 9cd48acb44f8c8fd5f04b801651de89772272bc39fa0b24942f192576497a50437a301f19da5d8935a91b1c54973c15d1f6b416d81b828e346cfa61abc108ee4
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (40 IoCs)
description | pid | Process
Token: SeIncreaseQuotaPrivilege | 2656 | WMIC.exe
Token: SeSecurityPrivilege | 2656 | WMIC.exe
Token: SeTakeOwnershipPrivilege | 2656 | WMIC.exe
Token: SeLoadDriverPrivilege | 2656 | WMIC.exe
Token: SeSystemProfilePrivilege | 2656 | WMIC.exe
Token: SeSystemtimePrivilege | 2656 | WMIC.exe
Token: SeProfSingleProcessPrivilege | 2656 | WMIC.exe
Token: SeIncBasePriorityPrivilege | 2656 | WMIC.exe
Token: SeCreatePagefilePrivilege | 2656 | WMIC.exe
Token: SeBackupPrivilege | 2656 | WMIC.exe
Token: SeRestorePrivilege | 2656 | WMIC.exe
Token: SeShutdownPrivilege | 2656 | WMIC.exe
Token: SeDebugPrivilege | 2656 | WMIC.exe
Token: SeSystemEnvironmentPrivilege | 2656 | WMIC.exe
Token: SeRemoteShutdownPrivilege | 2656 | WMIC.exe
Token: SeUndockPrivilege | 2656 | WMIC.exe
Token: SeManageVolumePrivilege | 2656 | WMIC.exe
Token: 33 | 2656 | WMIC.exe
Token: 34 | 2656 | WMIC.exe
Token: 35 | 2656 | WMIC.exe
Token: SeIncreaseQuotaPrivilege | 2656 | WMIC.exe
Token: SeSecurityPrivilege | 2656 | WMIC.exe
Token: SeTakeOwnershipPrivilege | 2656 | WMIC.exe
Token: SeLoadDriverPrivilege | 2656 | WMIC.exe
Token: SeSystemProfilePrivilege | 2656 | WMIC.exe
Token: SeSystemtimePrivilege | 2656 | WMIC.exe
Token: SeProfSingleProcessPrivilege | 2656 | WMIC.exe
Token: SeIncBasePriorityPrivilege | 2656 | WMIC.exe
Token: SeCreatePagefilePrivilege | 2656 | WMIC.exe
Token: SeBackupPrivilege | 2656 | WMIC.exe
Token: SeRestorePrivilege | 2656 | WMIC.exe
Token: SeShutdownPrivilege | 2656 | WMIC.exe
Token: SeDebugPrivilege | 2656 | WMIC.exe
Token: SeSystemEnvironmentPrivilege | 2656 | WMIC.exe
Token: SeRemoteShutdownPrivilege | 2656 | WMIC.exe
Token: SeUndockPrivilege | 2656 | WMIC.exe
Token: SeManageVolumePrivilege | 2656 | WMIC.exe
Token: 33 | 2656 | WMIC.exe
Token: 34 | 2656 | WMIC.exe
Token: 35 | 2656 | WMIC.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2808 wrote to memory of 2656 | 2808 | cmd.exe | 33
PID 2808 wrote to memory of 2656 | 2808 | cmd.exe | 33
PID 2808 wrote to memory of 2656 | 2808 | cmd.exe | 33
Processes
C:\Windows\system32\cmd.exe
  command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\asdasd.bat"
  depth: 1
  PID: 2196
C:\Windows\system32\cmd.exe
  command line: "C:\Windows\system32\cmd.exe"
  depth: 1
  signatures: Suspicious use of WriteProcessMemory
  PID: 2808
  C:\Windows\System32\Wbem\WMIC.exe
    command line: wmic diskdrive get Model
    depth: 2
    signatures: Suspicious use of AdjustPrivilegeToken
    PID: 2656