Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

file01.ps1

windows7-x64

1

file01.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    188s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 20:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file01.ps1

  • Size

    9KB

  • MD5

    7011b4af087cd89be198135531722ee5

  • SHA1

    030cf2c047e8e43062b38366a4d300b5fb4549e1

  • SHA256

    475b007a8368873fab4b02a9ac6443d82a461b1a71d8f3cce60d11dc812cd92c

  • SHA512

    7735982403274c9ee6d1ac6e7f99d9a9c0e67365d8f7e3c91fcb6dbc840ac802d475d3496b31204c81fdc1e2d366ec7afb058f2ed29fe6b06f79504f5bb4e750

  • SSDEEP

    192:3zfoM4e3ADVTKecs14zg6danj8gURTuTDGNdr/gtDNvQ+e3zTOnRDwHzLkLsLtLp:3UM47/N14zHdanj8gURTuTDGNdr/0DNW

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file01.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2792

Network

  • flag-unknown
    DNS
    97.97.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.97.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 40.126.32.138:443
    260 B
     5
  • 20.50.73.10:443
    322 B
     7
  • 104.80.225.205:443
    322 B
     7
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    260 B
     5
  • 93.184.221.240:80
    208 B
     4
  • 8.8.8.8:53
    97.97.242.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.97.242.52.in-addr.arpa

  • 8.8.8.8:53
    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
     204 B
     1
    1

    DNS Request

    2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2792-132-0x000002143A960000-0x000002143A982000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2792-133-0x00007FFC91C10000-0x00007FFC926D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2792-134-0x00007FFC91C10000-0x00007FFC926D1000-memory.dmp

    Filesize

    10.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.