Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 16/08/2023, 20:50
Static task: static1
Behavioral task: behavioral1
- Sample: file.ps1
- Resource: win7-20230712-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: file.ps1
- Resource: win10-20230703-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral3
- Sample: file.ps1
- Resource: win10v2004-20230703-en
- 3 signatures
- 150 seconds
General
- Target: file.ps1
- Size: 19B
- MD5: 9f52a1e80abf80b53104c4990807b82a
- SHA1: a46efa43abe45c11e732cd12f171ab8da27b392d
- SHA256: 1a3bfa106f73b81714ba7088aa3361192e092efb9b44dd249be84ab19ca08642
- SHA512: 308ada3f7f8c0616e2f08a6119c4b4601406b5393162aa3ce5145ead5faa661d3d124ab5a348c4cc2aa7d3000223d828cd534243a4171c6b550029eac8f81a88
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid: 2676, Process: powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege, pid: 2676, Process: powershell.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2676 wrote to memory of 2580, pid: 2676, Process: powershell.exe, procid_target: 29
  description: PID 2676 wrote to memory of 2580, pid: 2676, Process: powershell.exe, procid_target: 29
  description: PID 2676 wrote to memory of 2580, pid: 2676, Process: powershell.exe, procid_target: 29
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\file.ps1
  PID: 2676
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\shutdown.exe
    "C:\Windows\system32\shutdown.exe" -P now
    PID: 2580