Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1799s -
max time network
1158s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
05/09/2024, 19:16
General
-
Target
Injector.bat
-
Size
28KB
-
MD5
c2823e12663465c3d4ed6cb56afbeb7a
-
SHA1
8cfa9eb3687179824a8db420cf64992510cf0863
-
SHA256
01324cfb5ade947fcadeaa75ecc4b2d602c46ca3153f7c4fbd00fd1e0c5db3d6
-
SHA512
2d40b80e64a57929d6e9fc0552041029ac15376471fc513cc2a8a6892f938e0de66e85f97bef5489ea27558cc0387b2cb4741c44c252342c2afe1f2b785e64a1
-
SSDEEP
48:SMDRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR3:zMU
Score
8/10
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks SCSI registry key(s) 3 TTPs 58 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 52 IoCs
-
Suspicious use of FindShellTrayWindow 37 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Injector.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\system32\cmd.execmd2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\explorer.exeexplorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 436 -p 3212 -ip 32121⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5c317b689c4211cc89f6a7624360f3783
SHA12c260078eddf3736f054b231bb56934662da3e66
SHA25653bb4211f7dbab4bc246dbf18bc3d4e4269a3dd2debbc71054a33cd32e769042
SHA512f98cd0d193d4adcc773e53d61f75120658667ca9c4b3f6c666008d6563458495beeca98cd890f5361d65aa070b0f34d2bc82f20441187d3ebac6a3521407f02e
-
Filesize
17KB
MD5202f06e187e3731eb0a92b677b313b73
SHA177eee468e28284b7353214a7b59c5833d4172f22
SHA256a40a8ff25b6a8eb95d123e3fcbfc51d84fefb4d30aa9da711a11ea4678b17e0a
SHA5121f63b50e51b4f268a15a3d9d7340696c10b49e15b460e50bbc5d913783248469bf2a22eded7f2afd13b9aa538054be92510729a609ddf6fb04d3308f8e2092b1
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
1024KB