Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
Max time kernel: 185s
Max time network: 196s
Platform: windows10-2004_x64
Resource: win10v2004-20221111-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25/11/2022, 23:23
Static task: static1
Behavioral task: behavioral1
  Sample: c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205.ps1
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205.ps1
  Resource: win10v2004-20221111-en
General
Target: c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205.ps1
Size: 10KB
MD5: e6c8516a04bcb196030548538c974ca6
SHA1: bc84d05aef73f333e247cf1ffd8afbbee24f46cf
SHA256: c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205
SHA512: 4c9171dc71484b336391ae8449750055ed393401a0c7a7debf917446918e7efec0e4ef69a3904f0a7595b5aa41fd640415a0642f713b023d36aa60842ebdec8d
SSDEEP: 192:7f/E874TMfT9axYwOFqtTM9E/pZlldiNTMHPOQ97eFgds2fDlOL1JhhKTTlJKuqn:7fyTMfytTM9E/pZFuTMHPOQ974gds2fI
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  396   powershell.exe
  396   powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description               pid   Process
  Token: SeDebugPrivilege   396   powershell.exe
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205.ps1
  PID: 396
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
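The process record above shows the three observables a detection engineer would key on: powershell.exe launched with -ExecutionPolicy bypass, a script path under the user's AppData\Local\Temp, and the same process later enabling SeDebugPrivilege. The following script is an added example, not part of the tria.ge report, that runs those checks over constructed process-creation and privilege-adjustment records (the event dictionaries, the file name dropper.ps1 and the second benign process are assumptions; pid 396 is reused from the report). It also generalises the execution-policy check to the abbreviated forms powershell.exe accepts (-ep, -ex, -exec), which the report's single command line does not show.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the original report): two process-creation
# records and one privilege-adjustment record, shaped like the fields a Sysmon
# Event ID 1 and a Windows Security Event ID 4703 would carry.
SAMPLE_EVENTS = [
    {"kind": "process_create", "pid": 396,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dropper.ps1"},
    {"kind": "process_create", "pid": 1204,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\ProgramData\Scripts\inventory.ps1"},
    {"kind": "privilege_adjust", "pid": 396,
     "enabled_privileges": ["SeDebugPrivilege"]},
]

# powershell.exe accepts any unambiguous prefix of -ExecutionPolicy (-ex, -exec, ...)
# as well as -ep; both Bypass and Unrestricted neutralise the policy.
EXEC_POLICY_RE = re.compile(r"(?i)(?<![\w-])[-/](?:ep|ex[a-z]*)\s+(?:bypass|unrestricted)\b")
# A .ps1 executed straight out of the per-user Temp directory.
TEMP_SCRIPT_RE = re.compile(r"(?i)\\AppData\\Local\\Temp\\\S+\.ps1\b")
POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")


def is_powershell(image):
    """True if the image path ends in a PowerShell host binary."""
    return image.lower().rsplit("\\", 1)[-1] in POWERSHELL_IMAGES


def check_command_line(command_line):
    """Return the command-line findings for one process, in fixed order."""
    findings = []
    if EXEC_POLICY_RE.search(command_line):
        findings.append("execution_policy_bypass")
    if TEMP_SCRIPT_RE.search(command_line):
        findings.append("script_in_user_temp")
    return findings


def analyze(events):
    """Return {pid: sorted finding names} for PowerShell processes that trip a rule.

    Privilege adjustments are attributed to a process only if we saw that pid
    created as a PowerShell host, so unrelated SeDebugPrivilege use is ignored.
    """
    findings = defaultdict(set)
    powershell_pids = set()
    for ev in events:
        if ev["kind"] == "process_create" and is_powershell(ev["image"]):
            powershell_pids.add(ev["pid"])
            findings[ev["pid"]].update(check_command_line(ev["command_line"]))
    for ev in events:
        if (ev["kind"] == "privilege_adjust" and ev["pid"] in powershell_pids
                and "SeDebugPrivilege" in ev["enabled_privileges"]):
            findings[ev["pid"]].add("sedebugprivilege_enabled")
    return {pid: sorted(names) for pid, names in findings.items() if names}


if __name__ == "__main__":
    for pid, names in analyze(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(names)}")
```

Only the process matching the report's pattern is reported; the second PowerShell host, which runs a script from ProgramData under the default policy and never touches its token, produces no finding. In a real pipeline the privilege-adjustment correlation would also need a time window, since pids are recycled.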