Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

test.bat

windows10-1703-x64

3

test.bat

android-9-x86

test.bat

macos-10.15-amd64

1

Analysis

  • max time kernel
    343s
  • max time network
    1548s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240711.1-en
  • resource tags

    arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    21/08/2024, 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test.bat

  • Size

    1KB

  • MD5

    81a7089c8a688fc973dea87a346a2538

  • SHA1

    add255a1b8a15f6b6791845feafc7c8506fb5e83

  • SHA256

    ece1e7c9a353c726477a36d2ee79a3db1228a6d3142460f029433f29aedc233b

  • SHA512

    b6ed704846da2e887531b37b04029041927cbaf294f50629ea0795e57fb2548df80aeee73213e336f1d873cc92c4fd9d458edf09eb75412eb7d94999187c2b60

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/test.bat\""
    1⤵
      PID:475
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/test.bat\""
      1⤵
        PID:475
      • /usr/bin/sudo
        sudo /bin/zsh -c /Users/run/test.bat
        1⤵
          PID:475
          • /bin/zsh
            /bin/zsh -c /Users/run/test.bat
            2⤵
              PID:486
            • /Users/run/test.bat
              /Users/run/test.bat
              2⤵
                PID:486
              • /bin/sh
                sh /Users/run/test.bat
                2⤵
                  PID:486
                • /bin/bash
                  sh /Users/run/test.bat
                  2⤵
                    PID:486
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.emond.aslmanager
                  1⤵
                    PID:477
                  • /usr/sbin/aslmanager
                    /usr/sbin/aslmanager -s /var/log/eventmonitor
                    1⤵
                      PID:477
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.var-db-dslocal-backup
                      1⤵
                        PID:478
                      • /usr/libexec/xpcproxy
                        xpcproxy com.apple.logkextloadsd
                        1⤵
                          PID:479
                        • /usr/bin/xar
                          /usr/bin/xar -c -f dslocal-backup.xar dslocal
                          1⤵
                            PID:478
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.bsd.dirhelper
                            1⤵
                              PID:480
                            • /usr/libexec/xpcproxy
                              xpcproxy com.apple.gkreport
                              1⤵
                                PID:481
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.systemstats.daily
                                1⤵
                                  PID:482
                                • /usr/libexec/xpcproxy
                                  xpcproxy com.apple.newsyslog
                                  1⤵
                                    PID:483
                                  • /usr/libexec/gkreport
                                    /usr/libexec/gkreport
                                    1⤵
                                      PID:481
                                    • /usr/sbin/newsyslog
                                      /usr/sbin/newsyslog
                                      1⤵
                                        PID:483
                                      • /usr/libexec/xpcproxy
                                        xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                                        1⤵
                                          PID:528
                                        • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                          /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                          1⤵
                                            PID:528
                                          • /bin/launchctl
                                            /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
                                            1⤵
                                              PID:531
                                            • /bin/launchctl
                                              /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                                              1⤵
                                                PID:532
                                              • /usr/libexec/xpcproxy
                                                xpcproxy com.apple.diagnosticd
                                                1⤵
                                                  PID:545
                                                • /usr/libexec/diagnosticd
                                                  /usr/libexec/diagnosticd
                                                  1⤵
                                                    PID:545

                                                  Network

                                                  MITRE ATT&CK Matrix

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads