0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

WindowsPow...m.psd1

windows7-x64

WindowsPow...m.psd1

windows10-2004-x64

WindowsPow...s.psd1

windows7-x64

WindowsPow...s.psd1

windows10-2004-x64

WindowsPow...s.psd1

windows7-x64

WindowsPow...s.psd1

windows10-2004-x64

WindowsPow...t.psd1

windows7-x64

WindowsPow...t.psd1

windows10-2004-x64

WindowsPow...at.xml

windows7-x64

WindowsPow...at.xml

windows10-2004-x64

WindowsPow...s.psd1

windows7-x64

WindowsPow...s.psd1

windows10-2004-x64

WindowsPow...t.psd1

windows7-x64

WindowsPow...t.psd1

windows10-2004-x64

WindowsPow...s.psd1

windows7-x64

WindowsPow...s.psd1

windows10-2004-x64

WindowsPow...s.psd1

windows7-x64

WindowsPow...s.psd1

windows10-2004-x64

WindowsPow...y.psd1

windows7-x64

WindowsPow...y.psd1

windows10-2004-x64

WindowsPow...y.psd1

windows7-x64

WindowsPow...y.psd1

windows10-2004-x64

WindowsPow...t.psd1

windows7-x64

WindowsPow...t.psd1

windows10-2004-x64

WindowsPow...at.xml

windows7-x64

WindowsPow...at.xml

windows10-2004-x64

WindowsPow...s.psd1

windows7-x64

WindowsPow...s.psd1

windows10-2004-x64

WindowsPow....cdxml

windows7-x64

WindowsPow....cdxml

windows10-2004-x64

WindowsPow....cdxml

windows7-x64

WindowsPow....cdxml

windows10-2004-x64

Resubmissions

15/04/2024, 17:37

15/04/2024, 17:34

15/04/2024, 17:30

15/04/2024, 17:27

Analysis

max time kernel
24s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 17:34

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

WindowsPowerShell/v1.0/Modules/Dism/Dism.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral2

Sample

WindowsPowerShell/v1.0/Modules/Dism/Dism.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral3

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/en-US/ArchiveResources.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral4

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/en-US/ArchiveResources.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral5

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Diagnostics/Microsoft.PowerShell.Diagnostics.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral6

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Diagnostics/Microsoft.PowerShell.Diagnostics.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral7

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Host/Microsoft.PowerShell.Host.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral8

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Host/Microsoft.PowerShell.Host.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral9

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/LocalAccounts.format.xml

Resource

win7-20240221-en

windows7-x64

4 signatures

30 seconds

Behavioral task

behavioral10

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/LocalAccounts.format.xml

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

30 seconds

Behavioral task

behavioral11

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/Microsoft.PowerShell.LocalAccounts.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral12

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/Microsoft.PowerShell.LocalAccounts.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral13

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1

Resource

win7-20240319-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral14

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral15

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psd1

Resource

win7-20231129-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral16

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral17

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/en-US/Microsoft.PowerShell.ODataUtilsStrings.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral18

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/en-US/Microsoft.PowerShell.ODataUtilsStrings.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral19

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral20

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral21

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Utility/Microsoft.PowerShell.Utility.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral22

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Utility/Microsoft.PowerShell.Utility.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral23

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral24

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral25

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.Format.xml

Resource

win7-20240220-en

windows7-x64

4 signatures

30 seconds

Behavioral task

behavioral26

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.Format.xml

Resource

win10v2004-20240412-en

windows10-2004-x64

0 signatures

30 seconds

Behavioral task

behavioral27

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.psd1

Resource

win7-20240221-en

windows7-x64

1 signatures

30 seconds

Behavioral task

behavioral28

Sample

WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.psd1

Resource

win10v2004-20240412-en

windows10-2004-x64

1 signatures

30 seconds

Behavioral task

behavioral29

Sample

WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml

Resource

win7-20240221-en

windows7-x64

4 signatures

30 seconds

Behavioral task

behavioral30

Sample

WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml

Resource

win10v2004-20240412-en

windows10-2004-x64

5 signatures

30 seconds

Behavioral task

behavioral31

Sample

WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedSettingTask_v1.0.cdxml

Resource

win7-20240221-en

windows7-x64

4 signatures

30 seconds

Behavioral task

behavioral32

Sample

WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedSettingTask_v1.0.cdxml

Resource

win10v2004-20240412-en

windows10-2004-x64

5 signatures

30 seconds

Report Analysis Logs

General

Target

WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1
Size

785B
MD5

651b3b06114705c88b92a8cd6a978526
SHA1

7d8e3d2f9b91e44a98b879e79cd55fb68c14a545
SHA256

96973a7f69c967fe665cde9ef7b82423f34ad5248f2fd35f88d25fcda3fb9035
SHA512

34ddb13ec8d2730ed718052c9e6ad5682c415b213b688d58f5a82be2e2c717b47719d6ed3d1627f2c4de51b93ee51548c280cfa45a22a9c67558fd1b93cb1320

Score

1^/10

Malware Config

Signatures

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2760	notepad.exe

Processes

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\AppData\Local\Temp\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\Microsoft.WSMan.Management.psd1"
1⤵
- Opens file in notepad (likely ransom note)
PID:2760

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads