Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Documx/de.ps1

windows7-x64

1

Documx/de.ps1

windows10-2004-x64

1

Documx/nb.ps1

windows7-x64

1

Documx/nb.ps1

windows10-2004-x64

1

Documx/res...me.dll

windows7-x64

1

Documx/res...me.dll

windows10-2004-x64

1

Documx/res...me.dll

windows7-x64

1

Documx/res...me.dll

windows10-2004-x64

1

Documx/res...me.dll

windows7-x64

1

Documx/res...me.dll

windows10-2004-x64

1

Documx/res...ro.dll

windows7-x64

1

Documx/res...ro.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Documx/res...ng.dll

windows7-x64

1

Documx/res...ng.dll

windows10-2004-x64

1

Documx/res...le.dll

windows7-x64

1

Documx/res...le.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    13/07/2023, 06:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Documx/de.ps1

  • Size

    367KB

  • MD5

    cfc9d90273c31ccf66d81739aa76306a

  • SHA1

    ecab570041654b147b3dd118829e2f7ae668f840

  • SHA256

    8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a

  • SHA512

    c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380

  • SSDEEP

    6144:F+QNkAjzYyqSFaPjON3Be0mzBWCj0Xs5HgIxBI0gql:cQLjMyvFaCN3mzBd5xy0gql

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Documx\de.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2636-58-0x000000001B390000-0x000000001B672000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2636-59-0x000007FEF62D0000-0x000007FEF6C6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2636-61-0x0000000001DF0000-0x0000000001DF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2636-60-0x0000000002530000-0x00000000025B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2636-62-0x0000000002530000-0x00000000025B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2636-63-0x0000000002530000-0x00000000025B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2636-64-0x000007FEF62D0000-0x000007FEF6C6D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2636-65-0x0000000002530000-0x00000000025B0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2636-66-0x000007FEF62D0000-0x000007FEF6C6D000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.