Resubmissions

15/04/2024, 17:37

240415-v66nksed8w 7

15/04/2024, 17:34

240415-v5ll1sed3z 7

15/04/2024, 17:30

240415-v3fmzsca66 3

15/04/2024, 17:27

240415-v1vdcseb8w 7

General

  • Target

    WindowsPowerShell.zip

  • Size

    2.9MB

  • Sample

    240415-v5ll1sed3z

  • MD5

    4beaf6b031c0c5207b19918913b57e0d

  • SHA1

    c9856b91a671619302799d166875cfda119fb121

  • SHA256

    0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b

  • SHA512

    3eb79e807c5a8ecda39d8da9591bef48d7db49004ad052c6e2e4a53d922cd97d2ded480c04d5397b946f9a0bc5944d2a45dc026fe35919e0c9aa63715b47095e

  • SSDEEP

    49152:VDMkyxtSYe6vWnyXkeC9TDVG2wl9Bs1DIN1BWWh7PbCpoV0pX8o7mQuzg7pVa1GV:Gky33e6+nmCts2cBN5Cpc0986wqm1gt1

Score
7/10

Malware Config

Targets

    • Target

      WindowsPowerShell/v1.0/Modules/Dism/Dism.psd1

    • Size

      3KB

    • MD5

      01e30f6e7a7441f98b283907b4b3b2f0

    • SHA1

      79b703be162acbc765602cbfc346d1c27b7177c7

    • SHA256

      b0f9a266da3c2233160ed723ebf647581883984f9b960a8c59852455da9203e1

    • SHA512

      6810ae8b44578c63454d9a08f6b8678abe2a7f3cf34c0b8aff7b982cfdd0488a651fc66d498a9119b4264f415a8506cb642c4107d62dfc41d3771889fe0a5f76

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/en-US/ArchiveResources.psd1

    • Size

      5KB

    • MD5

      b6fb8c9e94187c19d30332d19d9454e6

    • SHA1

      b5613fbea2aeb44db3e4e4b5f0c99ce3189c0a5c

    • SHA256

      1e74df4fb9cadd8c0ab63c48789221aff0d9fb3ebeab8420410ebfad14571fd8

    • SHA512

      d116a192892a0309df6950af99dd78bc61e34458637805e78f345dd9d68f853da84b5a6de4d9ec87624c66911bf4314740ca844297482dcff8ae245640411197

    • SSDEEP

      96:t9PPKhxnT/uezmVgg9t5HcJ31VY7g92OINQeoDoXon:t9PCXnqezKgqLACfVWR

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Diagnostics/Microsoft.PowerShell.Diagnostics.psd1

    • Size

      675B

    • MD5

      8c667f4d468e3df1d7ababace768b9ee

    • SHA1

      e9c54dab3216baf2abfe96a0732a208f063fb592

    • SHA256

      3c59b91b00f9fe6cdf7cdef9265c7517ebe0c26f8cff70f3c5fc15e3bf7e67f0

    • SHA512

      e83df56dc64de3eb5ccf2a9f40ca098baf9362d5989918fbd80203afed76189efb0a40e0f9d97d38606d8f965828e9631789d6673bdcf31fbe138a349d192694

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Host/Microsoft.PowerShell.Host.psd1

    • Size

      455B

    • MD5

      0431ce57285a9dad6afaca1d8a997906

    • SHA1

      1f90a95728e4327daa84c4e798032687619c4a7a

    • SHA256

      c13dac2037187b2fd18598e611137c5fd540050d5a85cedb44d06f05f1fbb852

    • SHA512

      fdb27d503465656c3dedaa9ae9a455d339c5fac16aa7bd44754965be6dfe54c73a952bb4a7f48f209bc8d7d46b307e3eac82fcfd173baadcee69c95d79602f52

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/LocalAccounts.format.ps1xml

    • Size

      3KB

    • MD5

      7c5d2125dc6ff83578160e2411f3e50c

    • SHA1

      d889cc3c474624572024c4be39ad25acdb893551

    • SHA256

      0b5b8eecd3e4d9b12ab98fd98dd9551d27dd01fdadf5f118f1ef52834d483281

    • SHA512

      00064a1bb36a7b3cb17df8a385e055ea2d8e2d4cef7e04a7ce454039c08359b98ea6e00571b347e723d2e7844a047e5bae16e61037b86aa9b747fb4322a89c5d

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/Microsoft.PowerShell.LocalAccounts.psd1

    • Size

      1KB

    • MD5

      c69d3853e5bce7c695c5bd37ba96d699

    • SHA1

      6a79df1e70dbad4a0aa971823f85206a8d5faf8c

    • SHA256

      cda4e020d5a53973f1290db25cad7e2cb746993d4fd12a68431db54681afd0cc

    • SHA512

      524ec61d1056a98a3b4436b045d097988cb7723d0441e5721c1136f83c5240be233633e9fc1bf74dfc080a4d7e6c5198709ea76f2bf00dfa7c49be8a1639bf73

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1

    • Size

      2KB

    • MD5

      90741a929966119be0d0c9b7f66c0b6c

    • SHA1

      ab3cc5cbabab4c3e02536c2ca6910036597e6a10

    • SHA256

      91ea580e6bbc54148eadac5e8018f6e6edfd04bcd3cf07489a9028fdeea948a0

    • SHA512

      8af83f14a6bd1b22a10109fa818c13079ca89c78ed560d678d7431ae2a82c3235b955c5cff0018bb5de33b6aabfd11d661f32ff67d4fb7edac5a5574b0996c00

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psd1

    • Size

      5KB

    • MD5

      e7b7d304f901913db03ec8a2c66928f7

    • SHA1

      0eca57a45b2002d645d9ab9413db90aeea49e5eb

    • SHA256

      0772d101921bb12f7d7a07f5fa795a04dacebb1bec33111f89b2d2f1740ea8c3

    • SHA512

      d6d73a910ecd622486b4f742bffe558458db217d0c802c493fd48dab02b27fb86852303a27131392aca67fa366088a0975e01f33f47f5596ae32237a4f4f7470

    • SSDEEP

      48:9cw9b0HIfb2eVccuVXsWd9VOieYcxbYojfAW4x49HkVFgL5B2Q+zQHxLuIF5l+z9:9cGb0gLdhRfAR+KVFc5wv4xLuIF5gmQ5

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/en-US/Microsoft.PowerShell.ODataUtilsStrings.psd1

    • Size

      11KB

    • MD5

      45cb52ef9a4f8cbad6a4e389401c7af9

    • SHA1

      b54c3c07d92c06cbab719d09ede588c05097ace7

    • SHA256

      304a315267c0cef24839966b51d7e76019f62253dc50f0fc5c0279227094f614

    • SHA512

      d9f07d0b4b4d804bf27aab7ebb6969bcb6de5f2ca1debc4a9b1bc950a6f5916ff02a5eaafb562237ef2875e1201e8478e452ab6d1363384d61fa5525e0c196f3

    • SSDEEP

      192:sEaN1boLnAAsnNRjS/PxqhQXAOQBdOOH0UQcatN/Noeqi/Nv+I/N/866/:6N5TA46RZY1n764

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1

    • Size

      776B

    • MD5

      f4ab6d4a6c93a1add7b46c8edb9ec06d

    • SHA1

      e630af88fbc6698fb8474d01fad05c42551444b6

    • SHA256

      fa7150089e8a67a0aad27cd324d119b9778ccbead6242397780c5d5077246d30

    • SHA512

      425e4bad8f6219414db677e0c51bba4df67de647919f2d5b400d941b0c7d96c2020f4058ad95abda5727620959f310a5d37067ade302620d11dfa9594bde42ae

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Utility/Microsoft.PowerShell.Utility.psd1

    • Size

      2KB

    • MD5

      6b0dfc59faf81fe3af64848aee309c4e

    • SHA1

      1f469f4637fdb4f8c1b42f83d7b8135c1ee505b1

    • SHA256

      c09df190addc67f7c6c38e7ea1dca719fd87807107f688c3f60ed8816e1c48a6

    • SHA512

      173fd9b7ec3876fc06e680a95c6e762803e91cfb628dd0942ef38dc2fbba7603b7a504dde1b28f57e81adc0d614317c92e4a75bccbb24f1ec75a371a9884af7f

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1

    • Size

      785B

    • MD5

      651b3b06114705c88b92a8cd6a978526

    • SHA1

      7d8e3d2f9b91e44a98b879e79cd55fb68c14a545

    • SHA256

      96973a7f69c967fe665cde9ef7b82423f34ad5248f2fd35f88d25fcda3fb9035

    • SHA512

      34ddb13ec8d2730ed718052c9e6ad5682c415b213b688d58f5a82be2e2c717b47719d6ed3d1627f2c4de51b93ee51548c280cfa45a22a9c67558fd1b93cb1320

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.Format.ps1xml

    • Size

      5KB

    • MD5

      7ea886d135ac103fd63063dca7e150a3

    • SHA1

      a10f3d3ea34be2266be6611625136cad5ea8fa44

    • SHA256

      a31837f742c1cc25397d8b06bf182b71f926035554cf575bbba34029f3da3403

    • SHA512

      45b1ac8f92b8957c502726475d39a2a3f262be6aa8e4616d16549c4c45bc95f6729a0a47e8dafd75a396d931695f8e2329a6e918835bdc72a24dfdc2aa3a900d

    • SSDEEP

      96:qAmLl6umMlRLTpBTUvmvQA6umMsSOEKzZBfEDgcRPx:qLlXHLTLUUQAHsoKz0DgcRPx

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.psd1

    • Size

      2KB

    • MD5

      9b07cb90e78d467a0de7be0f4f958fe9

    • SHA1

      c7014872c3c02f3c45b40aa109d113c0fa1002f7

    • SHA256

      e94186903107b294eb1c8a9bf74068b4c4e828843c4d33696af733ee2e3dbef3

    • SHA512

      6bc046823f5d9dfe1bf7c39f03a7246524f9b285c89e32e24c1bb9e89b571c56a7db900e6d3b4f5ec06febfbe2c75d67fa1f13347bfd96908ea6835493738109

    • Score

      1/10

    • Target

      WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml

    • Size

      3KB

    • MD5

      8ad3984071cd41f88be85478d9d3b927

    • SHA1

      de487ad34ef752c5bd7128829fa06fc7a47bd723

    • SHA256

      ef1d87489f53c6fac620fc4e1656931ac6b4050b2bba6ff03412417b5006ddc1

    • SHA512

      4325334fe608c0bf5c98b0b7c263ee7c2c9d1f66010c2b3f931a6fc60265ba73cd8981a90ee54cd86374a81b22a74df7f18e87bde027de13c8061677f1606ef8

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedSettingTask_v1.0.cdxml

    • Size

      3KB

    • MD5

      5d3b6b8efdb22ab05507f985f511ce0a

    • SHA1

      993e810d767b08df2adabad13d04dc8c5673b345

    • SHA256

      2d892e242e809f9f00a74788aae4238f444c89457a14938fb8aad4368c69d107

    • SHA512

      b47b83603aa15f3dc7b93ebc816b29da3231e65b4db0aa7e6e94a7516a57a85446b8a056c417637cc0ab50f5210659f03b3d23927093ce48d0a672a4563a969c

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks