Analysis
max time kernel: 10s
platform: windows10-1703_x64
resource: win10-20240611-en
resource tags: arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
submitted: 25/09/2024, 16:23
Static task: static1
Behavioral task: behavioral1
  Sample: nn.bat
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: nn.bat
  Resource: win10-20240611-en
Behavioral task: behavioral3
  Sample: nn.bat
  Resource: win10v2004-20240802-en
Behavioral task: behavioral4
  Sample: nn.bat
  Resource: win11-20240802-en
General
Target: nn.bat
Size: 7KB
MD5: a698281208df9c1bf652160db544df96
SHA1: 95be6b96de22848da36e2031662ba66b3ac8bb5c
SHA256: ab2d272037105f2f34b7b1572adbe05069cbcc0625115a2160df73118c25700f
SHA512: 875c67215b1f628d331df4792a0753ef3887de16505d62266ae514114f498fce3aa67abef521bce819a77146311995e686affeabc0cd251d076924e402262d0e
SSDEEP: 96:g/WJ/2OwYDFOleGU8xCowaLpRgpeTfhyXz8aOO46bKJUHGYd1GYWRUvg16IGo6jb:JV2O9QCSQUzVRJUH1n1WRsg15u/co4i
Malware Config
Signatures
Delays execution with timeout.exe (1 IoCs)
  pid: 4960, Process: timeout.exe
Kills process with taskkill (1 IoCs)
  pid: 4844, Process: taskkill.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege, pid: 4844, Process: taskkill.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1468 wrote to memory of 4960, pid: 1468, Process: cmd.exe, procid_target: 71
  description: PID 1468 wrote to memory of 4960, pid: 1468, Process: cmd.exe, procid_target: 71
  description: PID 1468 wrote to memory of 4844, pid: 1468, Process: cmd.exe, procid_target: 72
  description: PID 1468 wrote to memory of 4844, pid: 1468, Process: cmd.exe, procid_target: 72
Processes
C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\nn.bat"
  - Suspicious use of WriteProcessMemory
  PID: 1468
    C:\Windows\system32\timeout.exe
      Command line: timeout /t 10 /nobreak
      - Delays execution with timeout.exe
      PID: 4960
    C:\Windows\system32\taskkill.exe
      Command line: taskkill /f /im svchost.exe
      - Kills process with taskkill
      - Suspicious use of AdjustPrivilegeToken
      PID: 4844