Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

9bd5f3e76a...9d.ps1

windows7-x64

1

9bd5f3e76a...9d.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/03/2024, 09:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9bd5f3e76a2ba3349ae2a69256c2023ef16631ddc22223759b62d4d208c8179d.ps1

  • Size

    27KB

  • MD5

    a2384680f2beffd2cf7619e9f1abe791

  • SHA1

    310c7b1df03373238edd2e5c4bba516dd4235745

  • SHA256

    9bd5f3e76a2ba3349ae2a69256c2023ef16631ddc22223759b62d4d208c8179d

  • SHA512

    9de3f196ac203043c5897886890f908b255bded0519d08d7fcc5592295de1734aa2a748dc601286ab5e82a6677fddd60d327677c3bb68073d48aa4077798ff09

  • SSDEEP

    384:xN63GXN4dm6UvYbeBn8RcgCH/CLac+c1V1VVAUjFVZ:xNt4d/WnOjF3

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\9bd5f3e76a2ba3349ae2a69256c2023ef16631ddc22223759b62d4d208c8179d.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1156-12-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1156-11-0x0000000002AD0000-0x0000000002B50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1156-10-0x0000000002AD0000-0x0000000002B50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1156-9-0x0000000002AD0000-0x0000000002B50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1156-8-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1156-7-0x0000000002AD0000-0x0000000002B50000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1156-6-0x000007FEF5E80000-0x000007FEF681D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1156-5-0x00000000022A0000-0x00000000022A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1156-4-0x000000001B330000-0x000000001B612000-memory.dmp

    Filesize

    2.9MB

    Download