Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 15/09/2024, 01:57
Static task
static1
Behavioral task
behavioral1: sample bapeclient.bat, resource win7-20240903-en, 3 signatures, 150 seconds
Behavioral task
behavioral2: sample bapeclient.bat, resource win10v2004-20240802-en, 3 signatures, 150 seconds
General
Target: bapeclient.bat
Size: 212B
MD5: 45e402e32c7fabf579c3a048396ca270
SHA1: 18950dc60c913a0a7b098cbd55d2bf3087d2447a
SHA256: 9d87e71946d492dc878fdda9ce8693b820dcab116d52b60e429eff37c1b8b707
SHA512: b286685f1efd07ade19876c522dd01d47ce9ef6b49da920f96163687e6728cf82f3d21d358029f3f1fe738a524711b6caf71a2ff789c52ef44b28104ed09f916
Score: 3/10
Malware Config
Signatures
System Network Configuration Discovery: Internet Connection Discovery (1 TTP, 1 IoC)
Adversaries may check for Internet connectivity on compromised systems.
Note that the ping in this run targets localhost, which never leaves the host; in batch files `ping localhost -n N` is the traditional way to pause for roughly N seconds, so this signature should be read as a delay loop rather than a genuine connectivity check.
pid   Process
2772  PING.EXE

Runs ping.exe (1 TTP, 1 IoC)
pid   Process
2772  PING.EXE

Suspicious use of WriteProcessMemory (9 IoCs)
description                       pid   Process  procid_target
PID 2648 wrote to memory of 2768  2648  cmd.exe  31
PID 2648 wrote to memory of 2768  2648  cmd.exe  31
PID 2648 wrote to memory of 2768  2648  cmd.exe  31
PID 2648 wrote to memory of 2772  2648  cmd.exe  32
PID 2648 wrote to memory of 2772  2648  cmd.exe  32
PID 2648 wrote to memory of 2772  2648  cmd.exe  32
PID 2648 wrote to memory of 2736  2648  cmd.exe  33
PID 2648 wrote to memory of 2736  2648  cmd.exe  33
PID 2648 wrote to memory of 2736  2648  cmd.exe  33
Processes
C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\bapeclient.bat"
    PID: 2648
    - Suspicious use of WriteProcessMemory
  |
  +-- C:\Windows\system32\mode.com
  |       mode 55, 9
  |       PID: 2768
  |
  +-- C:\Windows\system32\PING.EXE
  |       ping localhost -n 5.5
  |       PID: 2772
  |       - System Network Configuration Discovery: Internet Connection Discovery
  |       - Runs ping.exe
  |
  +-- C:\Windows\system32\java.exe
          java --add-opens java.base/java.lang=ALL-UNNAMED -jar vape-loader.jar
          PID: 2736
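The process tree above is a small but characteristic chain: cmd.exe started on a batch file under the user profile, a loopback ping used as a delay, and java.exe launching a jar from the same directory. The following is an added detection example, not part of the Triage report and not code from the sample; it runs over constructed Sysmon-style process-creation records (the `ProcEvent` class and `SAMPLE_EVENTS` list are made up to mirror the tree above, with one benign interactive ping added as a control) and flags each stage only when its parent is a cmd.exe that was launched to run a .bat/.cmd from a user directory. The `chain_detected` helper reports the full batch -> delay -> jar pattern, which is the condition worth alerting on; the single-stage findings are noisy on their own.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (the Sysmon Event ID 1 fields we need)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events mirroring the report's process tree, plus one benign
# interactive ping (pid 3001). These are not captured logs.
SAMPLE_EVENTS = [
    ProcEvent(2648, 1000, r"C:\Windows\system32\cmd.exe",
              r'cmd /c "C:\Users\Admin\AppData\Local\Temp\bapeclient.bat"'),
    ProcEvent(2768, 2648, r"C:\Windows\system32\mode.com", "mode 55, 9"),
    ProcEvent(2772, 2648, r"C:\Windows\system32\PING.EXE", "ping localhost -n 5.5"),
    ProcEvent(2736, 2648, r"C:\Windows\system32\java.exe",
              "java --add-opens java.base/java.lang=ALL-UNNAMED -jar vape-loader.jar"),
    ProcEvent(3001, 3000, r"C:\Windows\system32\PING.EXE", "ping 8.8.8.8 -n 1"),
]

# cmd.exe /c running a .bat or .cmd that lives under a user profile directory
BATCH_IN_USER_DIR = re.compile(
    r'/c\s+"?[a-z]:\\users\\[^"]*\.(?:bat|cmd)"?', re.IGNORECASE)
# ping against the loopback address with a count: the classic batch "sleep"
LOOPBACK_PING = re.compile(
    r'\bping\b.*\b(?:localhost|127\.0\.0\.1|::1)\b.*-n\s+\d', re.IGNORECASE)
# java/javaw launching a jar with -jar (any --add-opens overrides are allowed before it)
JAVA_JAR = re.compile(r'\bjava(?:w)?(?:\.exe)?\b.*\s-jar\s+\S+\.jar\b', re.IGNORECASE)


def image_name(path: str) -> str:
    """Lower-cased file name of an image path, e.g. 'ping.exe'."""
    return path.rsplit("\\", 1)[-1].lower()


def batch_launchers(events):
    """PIDs of cmd.exe instances started to run a batch file from a user directory."""
    return {e.pid for e in events
            if image_name(e.image) == "cmd.exe" and BATCH_IN_USER_DIR.search(e.cmdline)}


def analyze(events):
    """Per-process findings as (rule, pid, cmdline); children are only flagged
    when their parent is one of the batch launchers."""
    launchers = batch_launchers(events)
    findings = []
    for e in events:
        name = image_name(e.image)
        if e.pid in launchers:
            findings.append(("batch_from_user_profile", e.pid, e.cmdline))
        elif e.ppid in launchers and name == "ping.exe" and LOOPBACK_PING.search(e.cmdline):
            findings.append(("loopback_ping_delay", e.pid, e.cmdline))
        elif (e.ppid in launchers and name in ("java.exe", "javaw.exe")
              and JAVA_JAR.search(e.cmdline)):
            findings.append(("jar_launched_by_batch", e.pid, e.cmdline))
    return findings


def chain_detected(events) -> bool:
    """True when a single batch launcher spawned both a loopback-ping delay and a jar launch."""
    for launcher in batch_launchers(events):
        children = [e for e in events if e.ppid == launcher]
        has_delay = any(image_name(c.image) == "ping.exe"
                        and LOOPBACK_PING.search(c.cmdline) for c in children)
        has_jar = any(image_name(c.image) in ("java.exe", "javaw.exe")
                      and JAVA_JAR.search(c.cmdline) for c in children)
        if has_delay and has_jar:
            return True
    return False


if __name__ == "__main__":
    for rule, pid, cmd in analyze(SAMPLE_EVENTS):
        print(f"{rule:24s} pid={pid} {cmd}")
    print("chain detected:", chain_detected(SAMPLE_EVENTS))
```

Against the constructed events this yields three findings (PIDs 2648, 2772 and 2736) and reports the chain; mode.com is not flagged and neither is the interactive `ping 8.8.8.8`, because it is not a loopback ping and its parent is not a batch launcher. Keying the child rules on the parent being a user-profile batch launcher is what keeps this usable on real endpoints, where ping and java are both common.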