Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

ScaryLarry.bat

windows7-x64

3

ScaryLarry.bat

windows10-2004-x64

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ScaryLarry.bat

  • Size

    1KB

  • MD5

    04e38f8edf7a73a04c94407ffb02e335

  • SHA1

    6a7e89633a43b1323af89e79f5163a23d9382c94

  • SHA256

    0bbb936eebd11c7bd9709a9570db61afd101bbc27d376d52d8ee2688895bc148

  • SHA512

    14d13c90d93edbdbbc0b1061d9d1653a6f8cdc2aad43fee848d3c689f8b820ecb4e41be2ebcadc0b951b677ded3e1228ef7fb71bfbcf2cad43d3c3ecae801fe2

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\ScaryLarry.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "& {Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('If you dont dont know what you had executed then press No but if you know what you are doing and you are an malware ethusiat and using proper equipment press Yes ', 'THIS IS A MALWARE', 'YesNo', [System.Windows.Forms.MessageBoxIcon]::Error);}"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2196-4-0x000007FEF5A8E000-0x000007FEF5A8F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-5-0x000000001B720000-0x000000001BA02000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2196-6-0x00000000026E0000-0x00000000026E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2196-7-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2196-8-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2196-9-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2196-10-0x000007FEF5A8E000-0x000007FEF5A8F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2196-12-0x000007FEF57D0000-0x000007FEF616D000-memory.dmp

    Filesize

    9.6MB

    Download