Resubmissions

15/04/2024, 17:37

240415-v66nksed8w 7

15/04/2024, 17:34

240415-v5ll1sed3z 7

15/04/2024, 17:30

240415-v3fmzsca66 3

15/04/2024, 17:27

240415-v1vdcseb8w 7

General

  • Target

    WindowsPowerShell.zip

  • Size

    2.9MB

  • Sample

    240415-v1vdcseb8w

  • MD5

    4beaf6b031c0c5207b19918913b57e0d

  • SHA1

    c9856b91a671619302799d166875cfda119fb121

  • SHA256

    0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b

  • SHA512

    3eb79e807c5a8ecda39d8da9591bef48d7db49004ad052c6e2e4a53d922cd97d2ded480c04d5397b946f9a0bc5944d2a45dc026fe35919e0c9aa63715b47095e

  • SSDEEP

    49152:VDMkyxtSYe6vWnyXkeC9TDVG2wl9Bs1DIN1BWWh7PbCpoV0pX8o7mQuzg7pVa1GV:Gky33e6+nmCts2cBN5Cpc0986wqm1gt1

Score
7/10

Targets

    • Target

      WindowsPowerShell/v1.0/Modules/ConfigDefenderPerformance/MSFT_MpPerformanceRecording.psm1

    • Size

      78KB

    • MD5

      0c1e5e59eb65ac478dfa977a1e8b7973

    • SHA1

      b57a996fabe2557774dcc500b2aa9e40359bc47b

    • SHA256

      2d844659aebd039dae0ea731d5187219a08ecc8739cd6f87e8a78bf118a85a1a

    • SHA512

      11fa03fff71f3f9dff78e9b3575074902928707b75840630067b7ebb9d7ebc1454c7d41aeb26c1ca466a79b2fea941780a118ef2066bc16aa65628f6b3ef7526

    • SSDEEP

      1536:yP1YeVLqzm4vFo1BWMWuT7qCW+H/8kQYl9mrd3wG8OGPDKQxV1AcJRBF/AwgFXbj:yCehqzm4vFo1BWMWuT7qCW+H/8kQYl9y

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/DnsClient/dnslookup.dll

    • Size

      38KB

    • MD5

      44a79a8ce32347dc70910bb6bfb6f27b

    • SHA1

      c4c75c3b819dc0eda74bc0943621c2c176d0a788

    • SHA256

      7c307423e564ff3cf8143086871575d62ab76444d1f55d166cfaee4951f2622b

    • SHA512

      f0e5ec8608190d0980dfa22840387c70b0949815d2f1636497668e5cbda279cf4a1914cbb071528a665e7a94004f4063234f535bbc4b217aa81adbb7492676ba

    • SSDEEP

      768:+EelfsELdgnUEGC+AuOLMQXbXbKqxHHnlr8MF4P+HNFyA41KVYM:9elfs2dgUCkOrqgp2K7

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/EventTracingManagement/EventTracingManagement.psm1

    • Size

      5KB

    • MD5

      d329a4e3266d58f7508dd32b765d50a7

    • SHA1

      7b5dce66449fe09d60cc179cbe06771b03b6bfcc

    • SHA256

      f02fc225831c34c78f39c9e2f716b3a37cdc079c5c33ea08525970842abff291

    • SHA512

      8b9b16b35f93425517709395a46a16875e95ae0b956104e56a1251374a03fe11c36572adf2e9bb64f1afa12ede2b8983de4f99f3494d8c3329f5c941fcb76678

    • SSDEEP

      96:cqy0yikGvssZKUkKrrry1DuKKxTRFSigSiXfq7XNN:WJikcs+LkKlKKx9FEbyLNN

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/EventTracingManagement/MSFT_AutologgerConfig_v1.0.format.ps1xml

    • Size

      5KB

    • MD5

      af00233bf19d5eb561be3fdafdc72f89

    • SHA1

      afe9aa54fabe322b8a105919dc6177acc3a388c1

    • SHA256

      6ee0cbfda1850f8304692529b88037c1530b3a805eef3aff1c2dbbfc64cb730b

    • SHA512

      1de21718196ab33e10c27ae96398d47d85e99e30b989e8721abaeb5eb7d436d2a881b5379bd18829e2683bd11cc0b8bd18421d1d1a3bbd13624f95c9233573c3

    • SSDEEP

      24:JdQeCPYaT9QMhEqwi34H4egNJPYMRVgMpEygq3wpU:3QlAK9QM6qF9ASVgMiyB

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WindowsPowerShell/v1.0/Modules/EventTracingManagement/MSFT_EtwTraceProvider_v1.0.format.ps1xml

    • Size

      3KB

    • MD5

      a86582bcb8f69eb983e9fdc9efbc0ccf

    • SHA1

      77e8a5d6bf742c8979ddcc0a1453756dc44e3108

    • SHA256

      da4b0c55d3e24ae419945d1d6ba3c185aa09985a0d34493a09cca13acf655636

    • SHA512

      31656de2527106b8cffdf64eb38fb344c5cd9270e6e6738cd1b4f60f432b0ec7937c5c87d25f7181169077515c7ea8b6bc65e3f89f4bffabae56fb8e6f5e833d

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WindowsPowerShell/v1.0/Modules/EventTracingManagement/MSFT_EtwTraceSession_v1.0.format.ps1xml

    • Size

      3KB

    • MD5

      3762ba1ad7ff3e9db6bc78d1fbc32cfe

    • SHA1

      4703f27540d2357ef8289a560d18c2d296f3cf4c

    • SHA256

      342e409e3dba8fc0feec43001005bd222565246b5f16dd670860679118ca7909

    • SHA512

      e46664a0aa02114e501237be59a7afc727474e654cf0feeda63b670cb71e1166320882fb4812bd8093650a06a9025c6e5aa834e892d26c30a4822658f16b4d73

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WindowsPowerShell/v1.0/Modules/Get-NetView/Get-NetView.psm1

    • Size

      110KB

    • MD5

      8687881579d80c458e07f0f8747c056b

    • SHA1

      bfb55e32e82689e143881d76da3c5a56784c6fcb

    • SHA256

      0af370258f581af1d63384e53878cd16c08566dfb9062edcb8c847ece28bd37c

    • SHA512

      5e233d14f8442b46cfc568dac9f4ef8714f1d44f1bace7869b4c1481386cf500f546e8232534e29005dea2849e6e939440e9d5f85bff30c6ed3520f774571144

    • SSDEEP

      768:sBP2/Byj9gieuPZFG27L3rbQ1oRWCpUkY9KAXtxiicAD:sBP2AjFTG27LPKoRWC6d9yicw

    • Score

      4/10

    • Target

      WindowsPowerShell/v1.0/Modules/ISE/ise.psm1

    • Size

      4KB

    • MD5

      0cc58ed701d92783cba93de41f0f5147

    • SHA1

      da8001f3cefdf302679044f6cdfb33f6976cb0e4

    • SHA256

      4f8c9a82730090babbdd39c009ac3043072a16a788a70356622c2fc98603a6b9

    • SHA512

      c59384c540e0e7c311731ae89ebd47b3fb50d5107f82b6e849f8d5426e633f6647b7b6b20cfdd1262e38ee5cdb20dd1a919991582f35cd595d070ed6775dc2a9

    • SSDEEP

      96:jXCdMnid8ETECfQ0QBdbW4v/85j6YRa8R2B:uG/EOrdK4vkhvO

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/LAPS/LAPS.psm1

    • Size

      27KB

    • MD5

      3d8e29f5f5c254a704abe76f6f747c64

    • SHA1

      a15ad37ec66d2b419e4890a229a8057714f84b5b

    • SHA256

      aea348ac0d28d8e5446b42c5cd1837837b1182149a0b8ac0a559fea37468b149

    • SHA512

      321dd834a13cf2e63dd0109fb37bc593543ecc5d6fd7eaaa613c70f3c3b09d206c47994ab4ce85a846cf9667a5f119a7c789aba7136a41106ca41c8fb25712e3

    • SSDEEP

      384:Pcjn0mJXlvxoBBAk0WyiaF86wx1xyyM3DfyMxBl4bziXoVooy/2pP9dyL8z/8X1U:PxBcyM3DqaBlMW4VDy/2fd9iC

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/LAPS/lapspsh.dll

    • Size

      105KB

    • MD5

      9638886f615ba86b3c41f6a7c5891a57

    • SHA1

      16ce48a0bdd385275637583c31b608a8fb32da64

    • SHA256

      4040e9f90e35e3f31f47c8dc0bfd1ab0f8313e53433fc0b1725677ee5cf738cd

    • SHA512

      47e1afedf81e4aec9e1c92437aea064f5408e2331eb0a8a26abf001e3e62fd3249389c0439e402dc6999224ffd853842774c92fceb06e0ac5481456fe784c512

    • SSDEEP

      1536:NYgnyUJVXmQ4AaqLOANF2jZeU42itU7BFmZ8MNH6UZQfvf41zdFdtpfyDzPdiD51:+WLEBFmGMkLX2dFdrfyNkj

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/LAPS/lapsutil.dll

    • Size

      80KB

    • MD5

      2a936dba06b2925de5f8b7ae61e155bc

    • SHA1

      62d392bb29729d2589b28b9aba22398ef0478ce2

    • SHA256

      9cc22f4cbc858db6869c4a05c1ef1de2c432f27e0156f5f243b65fa0f3a63faf

    • SHA512

      624a990be023a37b2ade337201365643023a17dfdea128c7f366fc0e3ea9de51cea9634d6d828db25d4c79b3fd29d12ebc1c329fc37416e651ee9752bbd89031

    • SSDEEP

      1536:AE2PiO5FC+txkEQwhEYq3vwrC8+S6P+ZuP:IKeXtyE/Xoh8H6P+ZuP

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/LanguagePackManagement/Microsoft.LanguagePackManagement.Powershell.Commands.dll

    • Size

      26KB

    • MD5

      70f4c2e6d529adaedf2f7fb68d08ce4c

    • SHA1

      217df36dde4da5b661bbf962dfe21da3ebeaeb69

    • SHA256

      7eaa4484b5cc5e17871e80f27f3d559991c74a08128b8755c32018d3d6bef8e5

    • SHA512

      476860866833f6ec3c8953485f4abd6a2b62514c2e8746dd4640af39b95977ef72e7161c413fa48ff484d1362ec146066d6ebefee1acb95a74314908111248c2

    • SSDEEP

      384:9uu/VbDCsC7bX7NtKOfv/DMF2PxgFgm3KYwL8DYXLKgW2xBWXsW:B/VbWsE7NtzxZSBmgii

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/LanguagePackManagement/en/Microsoft.LanguagePackManagement.Powershell.Commands.Resources.dll

    • Size

      4KB

    • MD5

      96387a2aca9d7a2f5d0b82512da9610b

    • SHA1

      994859ea04c00ad1fea6ecf816349f1e528c34fd

    • SHA256

      78b48ea51625a03507b0787a6d1ee14caa7d5627e06ca849ddac86a5cf68d38c

    • SHA512

      090344f10ff642a407a43796559f6b122e7aea9ca465ef76c226930e76b9b36351f0d3eeafac2aea189e94e1cb112c37c8fab3dff12bc947efcaa25c3b7fc577

    • SSDEEP

      48:6hdH2FwFDyvoxhNcd+6xNsXWSCesS7P6IorbToZWSVu0hgKG0hgc5Wqg:8W2x6oTN/66Zs7Io7kW50hBG0h9W

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/Microsoft.PowerShell.Archive.psm1

    • Size

      106KB

    • MD5

      87c1bca57167d446370e3a2170410f8c

    • SHA1

      54011fbaefffa08dc2519ef69d2857ea1fff86be

    • SHA256

      44e8d903bc6e6dff25a6ea8f03540bf1ad8a0cd333604c17949c44cf4715f884

    • SHA512

      62bfde59f67652deec9ac4f5e3aa071bd1ca296e0b506258aec134153411bf42d21b952f7491f08e41876fd3e18328dedb944fda5d1a34e1bded8738d46685c3

    • SSDEEP

      768:kBFK8V1yDC5rYJik/3/JNjb61spThgv0g8F0Dur9xrGgzRV4Q+8W5en6LDK5vNWZ:koOOHTF74Qg5oRw

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/NetEventPacketCapture/MSFT_NetEventNetworkAdapter.format.ps1xml

    • Size

      2KB

    • MD5

      b03b2db693a0f8672c5e009fadb603cb

    • SHA1

      a477683a6a4e3c6356d4e6d8a336c194d672458b

    • SHA256

      6acfca4a288af9ec206f32cecead339d90fff94e16ce5957220962f3c83d64ec

    • SHA512

      64112103a80ef91264f427d1027a4072cc83d815f692e8ad1a132fe4ccb92e38bcf5f875c1bcbe27f902d8eb69ee97af442d86f0c26ae5a1fdfc3bcb414fe242

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WindowsPowerShell/v1.0/Modules/NetEventPacketCapture/MSFT_NetEventPacketCaptureProvider.format.ps1xml

    • Size

      5KB

    • MD5

      906b713599d6e8e21ab96765873375e9

    • SHA1

      b97260e1bd73a540094993257ed9c6ac5b37e6a0

    • SHA256

      2d57220046856b8a8df9a687ffd13f8b89c9d8e0edaabd0bba96c2e9159849c4

    • SHA512

      24c9e411bda020c25e80a13fce3a162d5e57f6226092ce53d536011ea6f3766b373a8867c53e827d45ccf309dcafbda646546683e299b432bee6da06ad97bafc

    • SSDEEP

      24:JdJlhPRlEPTxnuIkTVBvxlnJPRlE9BBBBBBBBBBBBIRpnWIEjVpbU:3Jlh5lexnHkpB5lJ5lRpnPEZp4

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WindowsPowerShell/v1.0/Modules/NetEventPacketCapture/MSFT_NetEventProvider.format.ps1xml

    • Size

      2KB

    • MD5

      29eed17b7003653bc50f6125efe2c7b9

    • SHA1

      790ed252508bb1d3a4a2f411c7d742064d121272

    • SHA256

      3ecbd7b91d15b6c612498ecb6603bae4962338371e9ad830732271b396973a72

    • SHA512

      28d9c42ed155a89dddd0617d95ea486b635710c100e547f9b8cb57d09e7a580a54163fafa5a538542353e46af2f6dce7a9441d162ec4c2db8871c193ddaabf76

    • Score

      3/10
