Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

New Text Document.bat

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Text Document.bat

  • Size

    420B

  • Sample

    250327-e724sazjz5

  • MD5

    a70e4c8ecd39f86f9571017f40f7385d

  • SHA1

    c43b7b293d3d98aead16ad7f5f318fc6cd28fcef

  • SHA256

    c98b9d1f92f5676de11a1ef22d70c925799c39f094c9be771114b49fe7506897

  • SHA512

    76e8925caa776e9c5dd674851562b9339c62ae4f4111ff1d1cb4354ba4a72d3ab323e8ac12d311faa54801b9c9229b395a78310b1ccdfa9860ad9b3de513941b

Score
8/10
discoveryexploitpersistence

Malware Config

Targets

    • Target

      New Text Document.bat

    • Size

      420B

    • MD5

      a70e4c8ecd39f86f9571017f40f7385d

    • SHA1

      c43b7b293d3d98aead16ad7f5f318fc6cd28fcef

    • SHA256

      c98b9d1f92f5676de11a1ef22d70c925799c39f094c9be771114b49fe7506897

    • SHA512

      76e8925caa776e9c5dd674851562b9339c62ae4f4111ff1d1cb4354ba4a72d3ab323e8ac12d311faa54801b9c9229b395a78310b1ccdfa9860ad9b3de513941b

    Score
    8/10
    discoveryexploitpersistence

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Possible privilege escalation attempt

      exploit

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks