Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system -
submitted
18/11/2023, 01:42
Static task
static1
Behavioral task
behavioral1
Sample
e83b3fcdc3294e5417307d1591de5eb420d9afb8ca98859161efa7011aff5be6.ps1
Resource
win7-20231020-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
e83b3fcdc3294e5417307d1591de5eb420d9afb8ca98859161efa7011aff5be6.ps1
Resource
win10v2004-20231020-en
3 signatures
150 seconds
General
-
Target
e83b3fcdc3294e5417307d1591de5eb420d9afb8ca98859161efa7011aff5be6.ps1
-
Size
1KB
-
MD5
41ada0797867082ed9b08811a639f287
-
SHA1
60d01af5487b7e7d4a7ec793a557d046576d6dd0
-
SHA256
e83b3fcdc3294e5417307d1591de5eb420d9afb8ca98859161efa7011aff5be6
-
SHA512
4fac1a6b99c1dbbf0634f59538838bdb6019b58cdba6a6fdf9233b7bd7afb9663bc4d3a13ad04e948a4a08b8f7b228b5f35da42a6c1167a939f5445deb773d67
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2292 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2292 powershell.exe
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\e83b3fcdc3294e5417307d1591de5eb420d9afb8ca98859161efa7011aff5be6.ps11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2292