Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Files/Apps/7z.bat

windows7-x64

10

Files/Apps...F4.bat

windows7-x64

8

Files/Apps/bts.bat

windows7-x64

3

Files/Apps/chrome.bat

windows7-x64

8

Files/Apps/ctt.bat

windows7-x64

3

Files/Apps...ch.bat

windows7-x64

6

Files/Apps...ox.bat

windows7-x64

1

Files/Apps/flux.bat

windows7-x64

3

Files/Apps/geek.bat

windows7-x64

10

Files/Apps/git.bat

windows7-x64

8

Files/Apps/logo.bat

windows7-x64

3

Files/Apps/pcm.bat

windows7-x64

8

Files/Apps/ps7.bat

windows7-x64

10

Files/Apps/pswin7.bat

windows7-x64

10

Files/Apps/winget.bat

windows7-x64

3

Files/Apps...ys.bat

windows7-x64

3

Files/Back...ry.bat

windows7-x64

1

Files/Comm...me.bat

windows7-x64

1

Files/Comp...ps.bat

windows7-x64

1

Files/Comp...up.bat

windows7-x64

1

Files/GPEE.bat

windows7-x64

1

Files/IPGe...or.exe

windows7-x64

3

Files/IPStealer.bat

windows7-x64

1

Files/Impo...ps.bat

windows7-x64

1

Files/InfoFinder.bat

windows7-x64

1

Files/Malw...et.bat

windows7-x64

1

Files/Newt...on.dll

windows7-x64

1

Files/Pass...or.bat

windows7-x64

1

Files/RAUP.bat

windows7-x64

1

Files/SMBB...er.bat

windows7-x64

1

Files/SSAMBYO.bat

windows7-x64

8

Files/Schn...s).bat

windows7-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 12:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Files/Apps/fastfetch.bat

  • Size

    300B

  • MD5

    c6217cbda600f1e677678d6aa64d30d4

  • SHA1

    dda86d62ec1c6dea38d967d72e2cf2557d8707f5

  • SHA256

    c0fdcdf351b3e1660254b073f448c21c9ab9b36da4d480cfef7e05c4ed589619

  • SHA512

    470b2322425caeb48de5066c51221f3ec87c6b6e84dcfc3de705496d9e426c37add0cd2d54ba02006259035b37273f518d9cd512c14e875eee8a2627d4c346f8

Score
6/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Files\Apps\fastfetch.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2732
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "iwr -useb get.scoop.sh | iex"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2240
    • C:\Windows\system32\timeout.exe
      timeout /t 5
      2⤵
      • Delays execution with timeout.exe
      PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6BRUQC9CLI5651G0BBR3.temp
    Filesize

    7KB

    MD5

    87eaccda3a6f6ac06656bed32517a4b4

    SHA1

    75e14a777b03d80c42ca6f287f841e88cdbbd977

    SHA256

    6fb3830c5ae460f43a097dcf7ae256fa6ec1312c7a9ca15403a111b8edd780ef

    SHA512

    2182307535e23e66be161b1b9d7e6d12df32e2d3792b7870eefcb71ca0b5c258a651a4b05b84c6f0f402a06d57be56c1a946f9c3c4422327d318097ee55dd0a2

    Download Submit

  • memory/2240-18-0x000000001B630000-0x000000001B912000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2240-19-0x0000000001E80000-0x0000000001E88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2732-4-0x000007FEF560E000-0x000007FEF560F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2732-5-0x000000001B640000-0x000000001B922000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2732-6-0x0000000002290000-0x0000000002298000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2732-7-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2732-8-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2732-9-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2732-10-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2732-11-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2732-12-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download