Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

QQũ...fo.url

windows7-x64

1

QQũ...fo.url

windows10-2004-x64

1

QQ�...��.exe

windows7-x64

3

QQ�...��.exe

windows10-2004-x64

3

װ�...��.bat

windows7-x64

3

װ�...��.bat

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/10/2024, 22:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    װ.bat

  • Size

    575B

  • MD5

    e96b4199d39f8d9d186a89473493ada7

  • SHA1

    4bf4fdc1772b0bf40fc5c0386ffae947e8b01120

  • SHA256

    939a2280fb615a2bed488d0877944ab946c3413a11e2302f0313d94fd3d05c3b

  • SHA512

    df04d9f07dc8bbec72059f4f2e22290083d4fc7c9178f8581ccbc626f9dcbbb29e1f0c1f5a5489053ca5217f9ec53910b078374de92e3650706ce28dab2c20bf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\װ.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cscript.exe //nologo tmp.vbs
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Windows\system32\cscript.exe
        cscript.exe //nologo tmp.vbs
        3⤵
          PID:2148

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmp.vbs
      Filesize

      117B

      MD5

      1d2bef58f9705ac85136c45b474f7ed1

      SHA1

      e99dfdd4653328a0546aeb89c6dc63f874096362

      SHA256

      02c49768a2ecbd86349845223ad4f75c9ab71bce7f6ce4bc292cf288c475d8c9

      SHA512

      b0330548cfd71cee410d33aed0e877757a0495a985d6e43496a1a5b62c7dc9efef1a23efefe6c66abbb2614764733aab311751090d85b1049c7f01b9240d97b1

      Download Submit