Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

ตัว�...��.bat

windows7-x64

3

ตัว�...��.bat

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/08/2024, 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ตัวไหล.bat

  • Size

    401B

  • MD5

    a52d6fa560c6a65a8bf5b3c1602fa532

  • SHA1

    e515aab8fecc60e1c8217098bc94d03597e2dc59

  • SHA256

    f70f25aa2bdb13440fe1f8a2ba8fdd4709a4ebe47cc03bf15e5822b0fbe73afb

  • SHA512

    f9f8f6e88238c128d4f2a620287a8c55cf34325c7dd2a9cc659d2619d687e716cb02e216fd60ae69f94d4942374b975d65eee62ab561da2aa164fef33f33d5fe

Score
3/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Time Discovery 1 TTPs 2 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Delays execution with timeout.exe 3 IoCs
    evasion
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ตัวไหล.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\system32\timeout.exe
      timeout 3
      2⤵
      • Delays execution with timeout.exe
      PID:4644
    • C:\Windows\system32\timeout.exe
      timeout 5
      2⤵
      • Delays execution with timeout.exe
      PID:1532
    • C:\Windows\system32\timeout.exe
      timeout 3
      2⤵
      • Delays execution with timeout.exe
      PID:4456
    • C:\Windows\system32\netsh.exe
      netsh winsock reset
      2⤵
      • Event Triggered Execution: Netsh Helper DLL
      PID:3100
    • C:\Windows\system32\ipconfig.exe
      ipconfig /flushdns
      2⤵
      • Gathers network information
      PID:1624
    • C:\Windows\system32\net.exe
      net stop w32time
      2⤵
      • System Time Discovery
      • Suspicious use of WriteProcessMemory
      PID:3968
      • C:\Windows\system32\net1.exe
        C:\Windows\system32\net1 stop w32time
        3⤵
        • System Time Discovery
        PID:4408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads