Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Autoruns64.bat

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Autoruns64.bat

  • Size

    2.8MB

  • Sample

    241013-pghbsswclb

  • MD5

    584382c704d89b38304612ee425a852f

  • SHA1

    9d842c7c34bb0c6a00eea6f68ac278bb1ace926c

  • SHA256

    a01df00146e7c4c1d921a912c1791a32531093f570575005c0d2088c4e00afae

  • SHA512

    8055b34e651be041fb68f28e1731e6e09d1d400de7fd0b1eac40d2d9061057405170dfd1fbed0b4e968dd79bd185e9a41120c058880f614239792c9558bfe85c

  • SSDEEP

    49152:0GKnII7kx63o02hXAQlJUdJwjnJnjyEUr:0F

Score
8/10
defense_evasionexecution

Malware Config

Targets

    • Target

      Autoruns64.bat

    • Size

      2.8MB

    • MD5

      584382c704d89b38304612ee425a852f

    • SHA1

      9d842c7c34bb0c6a00eea6f68ac278bb1ace926c

    • SHA256

      a01df00146e7c4c1d921a912c1791a32531093f570575005c0d2088c4e00afae

    • SHA512

      8055b34e651be041fb68f28e1731e6e09d1d400de7fd0b1eac40d2d9061057405170dfd1fbed0b4e968dd79bd185e9a41120c058880f614239792c9558bfe85c

    • SSDEEP

      49152:0GKnII7kx63o02hXAQlJUdJwjnJnjyEUr:0F

    Score
    8/10
    defense_evasionexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Indicator Removal: Clear Windows Event Logs

      Clear Windows Event Logs to hide the activity of an intrusion.

      defense_evasion

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks