Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Steam Chec...ne.dll

windows7-x64

1

Steam Chec...ne.dll

windows10-2004-x64

1

Steam Chec...52.dll

windows7-x64

1

Steam Chec...52.dll

windows10-2004-x64

1

Steam Chec...me.dll

windows7-x64

1

Steam Chec...me.dll

windows10-2004-x64

1

Steam Chec...in.dll

windows7-x64

1

Steam Chec...in.dll

windows10-2004-x64

1

Steam Chec...gn.dll

windows7-x64

1

Steam Chec...gn.dll

windows10-2004-x64

1

Steam Chec...ts.dll

windows7-x64

1

Steam Chec...ts.dll

windows10-2004-x64

1

Steam Chec...rk.dll

windows7-x64

1

Steam Chec...rk.dll

windows10-2004-x64

1

Steam Chec....0.dll

windows7-x64

1

Steam Chec....0.dll

windows10-2004-x64

1

Steam Chec...on.dll

windows7-x64

1

Steam Chec...on.dll

windows10-2004-x64

1

Steam Chec...on.exe

windows7-x64

10

Steam Chec...on.exe

windows10-2004-x64

10

Steam Chec...ne.dll

windows7-x64

1

Steam Chec...ne.dll

windows10-2004-x64

1

Steam Chec...en.dll

windows7-x64

1

Steam Chec...en.dll

windows10-2004-x64

1

Steam Chec...ig.bat

windows7-x64

10

Steam Chec...ig.bat

windows10-2004-x64

10

Steam Chec...C2.ps1

windows7-x64

1

Steam Chec...C2.ps1

windows10-2004-x64

1

Steam Chec...To.ps1

windows7-x64

1

Steam Chec...To.ps1

windows10-2004-x64

1

Steam Chec...rk.bat

windows7-x64

10

Steam Chec...rk.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    01/01/2023, 04:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Steam Checker By abbadon/config/System/CopyTo.ps1

  • Size

    195B

  • MD5

    4cad39a3c49a131b8d172fca8259f2fa

  • SHA1

    940a0789c909d26de9357533bf5dd1ad2db01b4a

  • SHA256

    2273ff44dd60f9ef1a13a1867355b8181c6fbd2b8ef2f8d0ef426538c841dd7e

  • SHA512

    0fb9127f8b0a63d3abb52d83b078aaeaaaf964e897a148ae09bf76c0539633f59dd6c467945fa24c3eb03dbc03a7811387e2e2773a652ed6585f6049c97fb72f

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Steam Checker By abbadon\config\System\CopyTo.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5016-132-0x0000029821750000-0x00000298217D2000-memory.dmp

    Filesize

    520KB

    Download

  • memory/5016-133-0x00000298209F0000-0x0000029820A12000-memory.dmp

    Filesize

    136KB

    Download

  • memory/5016-134-0x00000298209E0000-0x00000298209F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5016-135-0x00000298219F0000-0x0000029821AF2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5016-136-0x00007FFA05DD0000-0x00007FFA06891000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5016-137-0x00007FFA05DD0000-0x00007FFA06891000-memory.dmp

    Filesize

    10.8MB

    Download