Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Malware-1-master.zip

windows7-x64

1

Malware-1-...30.exe

windows7-x64

10

Malware-1-...40.exe

windows7-x64

10

Malware-1-...32.exe

windows7-x64

10

Malware-1-.../5.exe

windows7-x64

10

Malware-1-...91.exe

windows7-x64

10

Malware-1-...ey.exe

windows7-x64

7

Malware-1-....0.zip

windows7-x64

1

Malware-1-...ad.exe

windows7-x64

3

Malware-1-...ti.exe

windows7-x64

5

Malware-1-...an.bat

windows7-x64

7

Malware-1-...an.exe

windows7-x64

3

Malware-1-...ve.bat

windows7-x64

7

Malware-1-...ve.exe

windows7-x64

6

Malware-1-...ya.exe

windows7-x64

6

Malware-1-...re.exe

windows7-x64

10

Malware-1-...ry.exe

windows7-x64

10

Malware-1-...ck.exe

windows7-x64

3

Malware-1-...he.exe

windows7-x64

10

Malware-1-...op.exe

windows7-x64

7

Malware-1-...rb.exe

windows7-x64

10

Malware-1-...ue.exe

windows7-x64

1

Malware-1-...ng.exe

windows7-x64

6

Malware-1-...kt.bat

windows7-x64

7

Malware-1-...o3.exe

windows7-x64

10

Malware-1-...ey.exe

windows7-x64

10

Malware-1-.../m.exe

windows7-x64

Malware-1-...o3.exe

windows7-x64

9

Malware-1-...dme.md

windows7-x64

3

Malware-1-...er.zip

windows7-x64

1

Malware-1-...ic.exe

windows7-x64

3

Malware-1-...in.exe

windows7-x64

10

Resubmissions

13/02/2025, 01:26 UTC

250213-btppra1pcz 10

17/01/2025, 20:14 UTC

250117-yz7h3s1qfw 10

17/01/2025, 20:12 UTC

250117-yy9l2sslcr 10

17/01/2025, 17:25 UTC

250117-vy9p9sxpez 10

17/01/2025, 17:21 UTC

250117-vw8eesyjfp 10

17/01/2025, 14:16 UTC

250117-rk9ass1rhk 10

17/01/2025, 14:12 UTC

250117-rhv1ds1lds 10

16/01/2025, 12:52 UTC

250116-p4et7a1mez 10

Analysis

  • max time kernel
    138s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2025, 15:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malware-1-master/MEMZ-Clean.bat

  • Size

    9KB

  • MD5

    bbae81b88416d8fba76dd3145a831d19

  • SHA1

    42fa0e1b90ad49f66d4ab96c8cca02f81248da8b

  • SHA256

    5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c

  • SHA512

    f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

  • SSDEEP

    192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

Score
7/10
discoveryexecution

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\system32\cscript.exe
      cscript x.js
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2832
    • C:\Users\Admin\AppData\Roaming\MEMZ.exe
      "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MALWAR~1\z.zip
    Filesize

    5KB

    MD5

    d2ea024b943caa1361833885b832d20b

    SHA1

    1e17c27a3260862645bdaff5cf82c44172d4df9a

    SHA256

    39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

    SHA512

    7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x
    Filesize

    8KB

    MD5

    5ce1a2162bf5e16485f5e263b3cc5cf5

    SHA1

    e9ec3e06bef08fcf29be35c6a4b2217a8328133c

    SHA256

    0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

    SHA512

    ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x
    Filesize

    2KB

    MD5

    237c476929ae162a3ed4a77b5a8b81cb

    SHA1

    2c63d0e69334a5c3b2b221caedc557514749fca2

    SHA256

    8cf7a74ed9c9469ce8af80dae6de1dc0bc1e063881cdfef632ff0c48ec3606fe

    SHA512

    b33ae02ca0d1a73125eb01e485b9b8503cb451668a4fb23fb47c35914603c6dab6032772acbe6689d6376782abb13ccac172e1b85973a5e5b3857ef50a187f8a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x
    Filesize

    858B

    MD5

    9ada52a951330f55a7eeed735464f140

    SHA1

    57977e905089aa9b524c19f06da15e20c884c824

    SHA256

    9d9bf800a69f503fa92dd006a51bc00669be6d5f324d0329f9845038eb8c59b7

    SHA512

    9db7f81bf20483859d7776b533657c055934d6187ef9b100064369210b2d037ccbfdeffe29213414d979b82556d106a1e4c782ec04ad7b6274b14fc54d73c3f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x
    Filesize

    4KB

    MD5

    20e335859ff991575cf1ddf538e5817c

    SHA1

    1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

    SHA256

    88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

    SHA512

    012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js
    Filesize

    448B

    MD5

    8eec8704d2a7bc80b95b7460c06f4854

    SHA1

    1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

    SHA256

    aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

    SHA512

    e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

    Download Submit

  • C:\Users\Admin\AppData\Roaming\MEMZ.exe
    Filesize

    12KB

    MD5

    9c642c5b111ee85a6bccffc7af896a51

    SHA1

    eca8571b994fd40e2018f48c214fab6472a98bab

    SHA256

    4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

    SHA512

    23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

    Download Submit

  • memory/2832-120-0x0000000001F20000-0x0000000001F21000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.