Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Pass 8864/...on.exe

windows10-ltsc 2021-x64

10

Pass 8864/...on.exe

windows10-2004-x64

10

Pass 8864/...re.dll

windows11-21h2-x64

1

Pass 8864/...re.dll

windows10-2004-x64

1

Pass 8864/...ms.dll

windows10-2004-x64

1

Pass 8864/...ms.dll

windows10-2004-x64

1

Pass 8864/...pf.dll

windows10-2004-x64

1

Pass 8864/...pf.dll

windows10-2004-x64

1

Pass 8864/...on.dll

windows11-21h2-x64

1

Pass 8864/...on.dll

windows10-2004-x64

1

Pass 8864/...is.dll

windows10-2004-x64

1

Pass 8864/...is.dll

windows10-2004-x64

1

Pass 8864/...4l.exe

windows10-2004-x64

1

Pass 8864/...4l.exe

windows10-2004-x64

1

Pass 8864/...it.bat

windows10-2004-x64

1

Pass 8864/...it.bat

windows10-2004-x64

1

Pass 8864/...ge.bat

windows11-21h2-x64

1

Pass 8864/...ge.bat

windows10-2004-x64

1

Pass 8864/...er.dll

windows10-2004-x64

1

Pass 8864/...er.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2024, 17:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Pass 8864/Argon/fix exploit.bat

  • Size

    1KB

  • MD5

    5289fa561dcb8647582896af6528671a

  • SHA1

    fda5871c543e9986194aa7c027aad8206d9bbe4a

  • SHA256

    762048396be01b02e2fb949f4276179732da23799cfb715600e333d7597475bc

  • SHA512

    f8e90026dce457483ef7a5f5341bfb54a16432457e1139b5d8f4a6d18374e05668e7e4f1248dba0ed23ce036261803094b295493eac03fcb56859d5c3fe7b679

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 6 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Pass 8864\Argon\fix exploit.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:392
    • C:\Windows\system32\timeout.exe
      timeout /t 5
      2⤵
      • Delays execution with timeout.exe
      PID:4400
    • C:\Windows\system32\timeout.exe
      timeout /t 2
      2⤵
      • Delays execution with timeout.exe
      PID:5024
    • C:\Windows\system32\timeout.exe
      timeout /t 2
      2⤵
      • Delays execution with timeout.exe
      PID:1832
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\f82tdfLg.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:800
      • C:\Windows\system32\timeout.exe
        timeout /t 60 /nobreak
        3⤵
        • Delays execution with timeout.exe
        PID:3980
      • C:\Windows\system32\timeout.exe
        timeout /t 60 /nobreak
        3⤵
        • Delays execution with timeout.exe
        PID:3812
      • C:\Windows\system32\timeout.exe
        timeout /t 60 /nobreak
        3⤵
        • Delays execution with timeout.exe
        PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\f82tdfLg.bat
    Filesize

    45B

    MD5

    66029d9cd3c4e3c90648131090b6b0a8

    SHA1

    4d92eacc33ee0b393bfb34717c48f42aeca762c2

    SHA256

    a71cadae7538b152490e6c2e5c2aa21aaa689285cb678adf73ca1d1841cad7e1

    SHA512

    ee6711b9d26b7a3927a844b3789735432b150fdf4f58e48e6d9af8cf130a15f8f8a2d4f825992c1282eea2362b30c6fe47322dcea25fd6569768fdfc122c638f

    Download Submit