Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

NoSystem/F...em.bat

windows7-x64

NoSystem/F...em.bat

windows10-2004-x64

1

NoSystem/Run.bat

windows7-x64

1

NoSystem/Run.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    8s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/09/2024, 11:52

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    NoSystem/Files/NoSystem.bat

  • Size

    687B

  • MD5

    10c485f459c9bec8c9b44b0f6bab8c5a

  • SHA1

    67606b4cb506564e11b449534946c281f2e20ba4

  • SHA256

    fcf6b8a7fc27090adb674b1102fa70dce0cf330a8c66c709b5873ae0641ce94e

  • SHA512

    bb74afc6139fb6992a92c9648bd9ffddcc7cec29e478741eec8aeaaef895ba77e2300e8269f20857126c5d71c9e84904a7773d03b3f40ba8f81e47b03e64a12d

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\NoSystem\Files\NoSystem.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\system32\shutdown.exe
      shutdown /r /t 0
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2904
    • C:\Windows\system32\timeout.exe
      timeout 1 /nobreak
      2⤵
      • Delays execution with timeout.exe
      PID:2008
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2156
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x534
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2988
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2616

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2156-0-0x00000000029C0000-0x00000000029C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2616-1-0x00000000026E0000-0x00000000026E1000-memory.dmp

        Filesize

        4KB

        Download