Resubmissions
16/09/2024, 00:20  240916-am1yrszfnp  7
27/08/2024, 02:41  240827-c6tpxa1amm  7
25/08/2024, 21:44  240825-1lgrlsycjn  7
Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 27/08/2024, 02:41
Static task: static1
Behavioral task: behavioral1
Sample: instalar.bat
Resource: win7-20240729-en
4 signatures
150 seconds
Behavioral task: behavioral2
Sample: instalar.bat
Resource: win10v2004-20240802-en
8 signatures
150 seconds
General
Target: instalar.bat
Size: 723B
MD5: 703a2827ebab01c16b4f9b8f079a2fcd
SHA1: 6ae6cbd62274a7cd56049838758332801e4650e1
SHA256: 8410c88626348bdc1a9600458b2f2865427bec8fd6ac6b6320d9554afe41de61
SHA512: 52f91b51108d6bdff7649ac77c406b95e609489482695cb147e4a22347b46013ce3563700adeb4be4637212d112db0b87397a14d26903c4e98e96a53fc9213f7
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  2652  cmd.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Delays execution with timeout.exe (1 IoCs)
  pid   Process
  2684  timeout.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process  procid_target
  PID 2652 wrote to memory of 2684  2652  cmd.exe  32
  PID 2652 wrote to memory of 2684  2652  cmd.exe  32
  PID 2652 wrote to memory of 2684  2652  cmd.exe  32