Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

psgetsys.ps1

windows7-x64

1

psgetsys.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    127s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/11/2023, 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    psgetsys.ps1

  • Size

    5KB

  • MD5

    5a53aa2ad06929f92a3c31c572464eaa

  • SHA1

    3e923a44f61a93aa42d3511bc83e587dfbaae023

  • SHA256

    0a1d1ec1ba1daa5117df44fd6f3479172c8412d75352c4a2833b5ff9c2024e30

  • SHA512

    fab0c0847ff559f3fe0af1b2d68b240240bb3041fd4323b72d296486494d8e909492347fd5e456cd08d933459d9c486cbde65ed261c758fe1c3f4854e58523a2

  • SSDEEP

    96:LEzAjNPI3fKWXbSyACvTXT08qOfzoqySystgEWyBVp:LExiWrSyvjfBRtgEWyBr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\psgetsys.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:532
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:376
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4572

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      b64038af81e96c5f041fbea61322238d

      SHA1

      61017a08dcc9dce05f9b5cbdf635a110c27795c1

      SHA256

      2f87ebad5175681e8f61535b0e93fc20e6c53069a2660957369e308eaafe848b

      SHA512

      dcbb8db0365b56d4dc693051799337bfcea838a75abcae66350813de8ddab4b052714326c42e6d82f3651caa26ed5d540e9cd7fdfe8ac7f3ed6114bba27f8f6a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2nvroyns.mjc.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/532-2-0x00000210618D0000-0x00000210618F2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/532-12-0x00007FFD85C10000-0x00007FFD866D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/532-13-0x00007FFD85C10000-0x00007FFD866D1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4572-52-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-56-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-47-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-48-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-49-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-50-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-51-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-30-0x0000027F84F90000-0x0000027F84FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4572-53-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-54-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-55-0x0000027F8D5A0000-0x0000027F8D5A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-46-0x0000027F8D580000-0x0000027F8D581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-57-0x0000027F8D1D0000-0x0000027F8D1D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-58-0x0000027F8D1C0000-0x0000027F8D1C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-60-0x0000027F8D1D0000-0x0000027F8D1D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-63-0x0000027F8D1C0000-0x0000027F8D1C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-66-0x0000027F8D100000-0x0000027F8D101000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-14-0x0000027F84E90000-0x0000027F84EA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4572-78-0x0000027F8D300000-0x0000027F8D301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-80-0x0000027F8D310000-0x0000027F8D311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-81-0x0000027F8D310000-0x0000027F8D311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4572-82-0x0000027F8D420000-0x0000027F8D421000-memory.dmp

      Filesize

      4KB

      Download