Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Steam Chec...ne.dll

windows7-x64

1

Steam Chec...ne.dll

windows10-2004-x64

1

Steam Chec...52.dll

windows7-x64

1

Steam Chec...52.dll

windows10-2004-x64

1

Steam Chec...me.dll

windows7-x64

1

Steam Chec...me.dll

windows10-2004-x64

1

Steam Chec...in.dll

windows7-x64

1

Steam Chec...in.dll

windows10-2004-x64

1

Steam Chec...gn.dll

windows7-x64

1

Steam Chec...gn.dll

windows10-2004-x64

1

Steam Chec...ts.dll

windows7-x64

1

Steam Chec...ts.dll

windows10-2004-x64

1

Steam Chec...rk.dll

windows7-x64

1

Steam Chec...rk.dll

windows10-2004-x64

1

Steam Chec....0.dll

windows7-x64

1

Steam Chec....0.dll

windows10-2004-x64

1

Steam Chec...on.dll

windows7-x64

1

Steam Chec...on.dll

windows10-2004-x64

1

Steam Chec...on.exe

windows7-x64

10

Steam Chec...on.exe

windows10-2004-x64

10

Steam Chec...ne.dll

windows7-x64

1

Steam Chec...ne.dll

windows10-2004-x64

1

Steam Chec...en.dll

windows7-x64

1

Steam Chec...en.dll

windows10-2004-x64

1

Steam Chec...ig.bat

windows7-x64

10

Steam Chec...ig.bat

windows10-2004-x64

10

Steam Chec...C2.ps1

windows7-x64

1

Steam Chec...C2.ps1

windows10-2004-x64

1

Steam Chec...To.ps1

windows7-x64

1

Steam Chec...To.ps1

windows10-2004-x64

1

Steam Chec...rk.bat

windows7-x64

10

Steam Chec...rk.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-es
  • resource tags

    arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    01/01/2023, 04:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Steam Checker By abbadon/config/System/C2.ps1

  • Size

    216B

  • MD5

    f686af0c71099697b9e3cdb67dafde71

  • SHA1

    e24acca7145e84c4cb95627d8402895d0cf15dea

  • SHA256

    b64e5111b381cf66fd84aaf59ea503adf737c620ef550363466ce15822f52743

  • SHA512

    b2d90ac3447afbba7b0a6f43584f9d9533b0980dbb74e9d084f108cbcc80c3b299cbf120bfae13c4fbeb952c5208c99a4a08492ac0b732ebe1c1f8dbbbbeb5cc

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Steam Checker By abbadon\config\System\C2.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1036-54-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1036-55-0x000007FEF4AD0000-0x000007FEF54F3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1036-56-0x000007FEF3F70000-0x000007FEF4ACD000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1036-57-0x0000000002884000-0x0000000002887000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1036-58-0x000000001B790000-0x000000001BA8F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1036-59-0x0000000002884000-0x0000000002887000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1036-60-0x000000000288B000-0x00000000028AA000-memory.dmp

    Filesize

    124KB

    Download