Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

eaeaeaeee.bat

windows7-x64

6

eaeaeaeee.bat

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02/09/2024, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eaeaeaeee.bat

  • Size

    445B

  • MD5

    d93d75c719ffe8e6b764a4d11b9e6f01

  • SHA1

    1836b255dc4bb799cc23fff4d2aa2ef2e1be60e3

  • SHA256

    f0698229699c02178f7a56c8db240b5b8c7704610821d0f79962125a631bd348

  • SHA512

    d10ab288fb1100159563f8484c2e95bf23133004c5489980a1afbe6143913c8256f8032a057a702c4cd623bded046621d0c95f12385c3cad27f23df2b70e3121

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\eaeaeaeee.bat"
    1⤵
      PID:2368
    • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
      "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
      1⤵
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Windows Media Player\wmpshare.exe
        "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:2980
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1448

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFf76e936.TMP
        Filesize

        1KB

        MD5

        fb6f2d28de9773868f1f645d127b2834

        SHA1

        ea2a7de8e4b5dd08979b5a6c9f34d5ee04cf0ab1

        SHA256

        015755ae429d19632b082ac3f4150ec29c1b7ae7c16836f54b5ef83a16d42e6f

        SHA512

        387e8945f1cd62c878a8a64c2fab14e5805e40e88496480a333763b01ef6d6e8d6507b85f363404bb6714481411c9df0e5fe2005a00834fac323336aff6b1dcb

        Download Submit

      • C:\Users\Admin\Desktop\Folder1\File5.txt
        Filesize

        26KB

        MD5

        c0d391fee1aec009ca1d162becf8c3f5

        SHA1

        9b7ab68c6efe52e193f9f48fab8baebc12661953

        SHA256

        06ff12f2ebc0d2d3523e4a118d4912a4129017af7994ff01c8d919f3b10683ed

        SHA512

        164b569a1706564a448b4ec15ecfcc3d94c1c5dce86f92dd498ce9ffc4ab3a5398a92e5f2b5f084017f6dab85454743bf07d42224790bd2a606b2d5b86d873fe

        Download Submit

      • memory/2676-83-0x0000000000330000-0x0000000000331000-memory.dmp

        Filesize

        4KB

        Download