Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

qux/action/load.ps1

windows7-x64

1

qux/action/load.ps1

windows10-2004-x64

1

qux/error.html

windows7-x64

1

qux/error.html

windows10-2004-x64

1

qux/footer.js

windows7-x64

1

qux/footer.js

windows10-2004-x64

1

qux/func/forum.ps1

windows7-x64

1

qux/func/forum.ps1

windows10-2004-x64

1

qux/func/f...min.js

windows7-x64

1

qux/func/f...min.js

windows10-2004-x64

1

qux/func/functions.js

windows7-x64

1

qux/func/functions.js

windows10-2004-x64

1

qux/func/ip2c/ip2c.js

windows7-x64

1

qux/func/ip2c/ip2c.js

windows10-2004-x64

1

qux/func/p...ode.js

windows7-x64

1

qux/func/p...ode.js

windows10-2004-x64

1

qux/func/shop.ps1

windows7-x64

1

qux/func/shop.ps1

windows10-2004-x64

1

qux/func/timthumb.ps1

windows7-x64

1

qux/func/timthumb.ps1

windows10-2004-x64

1

qux/func/t...ike.js

windows7-x64

1

qux/func/t...ike.js

windows10-2004-x64

1

qux/func/t...ror.js

windows7-x64

1

qux/func/t...ror.js

windows10-2004-x64

1

qux/func/t...css.js

windows7-x64

1

qux/func/t...css.js

windows10-2004-x64

1

qux/func/t...xed.js

windows7-x64

1

qux/func/t...xed.js

windows10-2004-x64

1

qux/func/t...ipt.js

windows7-x64

1

qux/func/t...ipt.js

windows10-2004-x64

1

qux/func/t...php.js

windows7-x64

1

qux/func/t...php.js

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2023, 20:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qux/func/shop.ps1

  • Size

    53KB

  • MD5

    7ffd0fb640007f4625f1e3ba735521b3

  • SHA1

    64f54d1e0a6f279a7f7858c5408b75ff15fb07f7

  • SHA256

    f241a83818703c69584495719b152dea916abd9e6941fcb30610ad7a4f8881b1

  • SHA512

    1e6cead0455c9f5cde50b5e7b958c526543e619d3c2c63c2363f2dca3a30cebb0e85a0efa3c223cc7b8d7ae7e56a2fc65fc6a3297fc2ec650a8f9544b64ab892

  • SSDEEP

    768:BUKefArwUzvl3TVkYOJltjkrq4GRupV/eBQlmQE8eNO9z7lNmGc2+ySs:RJwUzhTVkYIltjkfh/ek7dlNmG7+ySs

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\qux\func\shop.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1980

Network

  • flag-us
    DNS
    23.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 52.111.229.43:443
    322 B
     7
  • 8.8.8.8:53
    23.173.189.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.173.189.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vrpp5vqw.i0v.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/1980-9-0x000001AF2ABB0000-0x000001AF2ABD2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1980-10-0x00007FFCE0B70000-0x00007FFCE1631000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1980-11-0x000001AF11D50000-0x000001AF11D60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-12-0x000001AF11D50000-0x000001AF11D60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1980-14-0x00007FFCE0B70000-0x00007FFCE1631000-memory.dmp

    Filesize

    10.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.