General

  • Target

    cmd.exe

  • Size

    6.0MB

  • Sample

    241123-w8fqlszpes

  • MD5

    b2fe874c2e11c56edf05c5250a8c966f

  • SHA1

    06d6e28c3cb46e06195a5f8c360d8eeaddfb1c06

  • SHA256

    255113355555cad23594618b606e851b38bcf588d902ec2678bb893582a90a4f

  • SHA512

    915ec47beaf9a572c135fe0ddcccf2bb18b6620dcaf9fc8069436e4fe8d3dce15424c3043b45668c7c4f81e513bb731d7bd310eacea6ea1e01cb019b1cc71b90

  • SSDEEP

    98304:skEtdFBCm/I5NamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RxOnAKuP/ty/:szFIm/PeN/FJMIDJf0gsAGK4R0nAKuXq

Malware Config

Targets

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks
