Resubmissions

09/08/2024, 21:36

240809-1f9kfatgrg 6

09/08/2024, 21:26

240809-1an2jstend 8

Analysis

  • max time kernel
    138s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/08/2024, 21:26

General

  • Target

    KASU PACK V.3/Power Plan/Max Performance (RUN AS ADMIN).bat

  • Size

    471B

  • MD5

    3955511f0b30a32f197f5a9084486581

  • SHA1

    da0d23655d211fd83fd14cc12c6750baa4469b06

  • SHA256

    937a072d2780b3249c12596dfa529dc9fae5f752d567f3e3b7122e8ea941cec1

  • SHA512

    301030409d3106a9b5ae2c75a31853b4da305297003444297b59217c5b17ee262563be935797a5d0fe5fea6cd454b79a84f2ade2655c2a3916fc0669f5270b8e

Score
6/10

Malware Config

Signatures

  • Power Settings 1 TTPs 1 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

  • Delays execution with timeout.exe 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KASU PACK V.3\Power Plan\Max Performance (RUN AS ADMIN).bat"
    • Suspicious use of WriteProcessMemory
    PID:3496
    • C:\Windows\system32\powercfg.exe
      powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61
      • Power Settings
      • Suspicious use of AdjustPrivilegeToken
      PID:208
    • C:\Windows\system32\timeout.exe
      timeout /t 10
      • Delays execution with timeout.exe
      PID:2580

Network

MITRE ATT&CK Enterprise v15
