Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
95s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
25/11/2022, 23:36
General
-
Target
8c0bcd1d56c7501fe984772c324567e89e1f12f4d2339461b7dcc024a1dd01db.ps1
-
Size
4KB
-
MD5
9e0d1782f094e5f56009677689af8bbb
-
SHA1
c5bad0ef4f06f98e961c6bddc19d85c69ca2abca
-
SHA256
8c0bcd1d56c7501fe984772c324567e89e1f12f4d2339461b7dcc024a1dd01db
-
SHA512
7c4c057d5c2cd9c478d4e06131381f685b0aaf954097e19e3df322e926f80ba37ac2a4eb9920cfd48c9fe079a9d412569ac0349295841fff586166fdcf770a61
-
SSDEEP
96:15b03oAbpRLbIa6nSgjbIEFMbDrjQWSLl+XHeeSIME++Arl+G8pKm:15b05bpRLbIa6npjsEWbDnZ+e1MR+ARk
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\8c0bcd1d56c7501fe984772c324567e89e1f12f4d2339461b7dcc024a1dd01db.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
10.8MB