Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

MomGrabber.bat

windows7-x64

1

MomGrabber.bat

windows10-2004-x64

6

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    12/08/2024, 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MomGrabber.bat

  • Size

    727B

  • MD5

    8691d8696a4b87bab23b707f6c9a9fa7

  • SHA1

    fc34c04ffd8ba2d8e4b4240fb5125bfe9ec8f455

  • SHA256

    c372a7a932e36fe62d705e40061a72c8f7420188707c9317c88d149181cd4b03

  • SHA512

    716ea20bd8f8f32fea0356742ea277ede9136df27fb893bf11551db781d03aa3de2c900b437d50b1081f99592bfbecab4b2a5d849d0a6e1608c7e78a68f028a9

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\MomGrabber.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Windows\System32\Wbem\WMIC.exe
      wmic diskdrive get /format:list
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2832
    • C:\Windows\System32\Wbem\WMIC.exe
      wmic baseboard get /format:list
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2844
    • C:\Windows\System32\Wbem\WMIC.exe
      wmic bios get /format:list
      2⤵
        PID:3048
      • C:\Windows\system32\timeout.exe
        timeout 1 /nobreak
        2⤵
        • Delays execution with timeout.exe
        PID:2868

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads