Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

c3427c0426...05.ps1

windows7-x64

1

c3427c0426...05.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    185s
  • max time network
    196s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205.ps1

  • Size

    10KB

  • MD5

    e6c8516a04bcb196030548538c974ca6

  • SHA1

    bc84d05aef73f333e247cf1ffd8afbbee24f46cf

  • SHA256

    c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205

  • SHA512

    4c9171dc71484b336391ae8449750055ed393401a0c7a7debf917446918e7efec0e4ef69a3904f0a7595b5aa41fd640415a0642f713b023d36aa60842ebdec8d

  • SSDEEP

    192:7f/E874TMfT9axYwOFqtTM9E/pZlldiNTMHPOQ97eFgds2fDlOL1JhhKTTlJKuqn:7fyTMfytTM9E/pZFuTMHPOQ974gds2fI

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\c3427c0426a5c051fa2bfc25b1f0ea532f209e01dfdcef0ea25e17c5b6f3d205.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/396-132-0x00000200AA220000-0x00000200AA242000-memory.dmp

    Filesize

    136KB

    Download

  • memory/396-133-0x00007FFDFB080000-0x00007FFDFBB41000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/396-134-0x00007FFDFB080000-0x00007FFDFBB41000-memory.dmp

    Filesize

    10.8MB

    Download