Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

nmap-7.60/...32.dll

windows7-x64

1

nmap-7.60/...32.dll

windows10-2004-x64

1

nmap-7.60/libssh2.dll

windows7-x64

3

nmap-7.60/libssh2.dll

windows10-2004-x64

3

nmap-7.60/ncat.exe

windows7-x64

1

nmap-7.60/ncat.exe

windows10-2004-x64

1

nmap-7.60/ndiff.bat

windows7-x64

1

nmap-7.60/ndiff.bat

windows10-2004-x64

1

nmap-7.60/ndiff.py

ubuntu-18.04-amd64

1

nmap-7.60/ndiff.py

debian-9-armhf

1

nmap-7.60/ndiff.py

debian-9-mips

1

nmap-7.60/ndiff.py

debian-9-mipsel

1

nmap-7.60/...te.exe

windows7-x64

1

nmap-7.60/...te.exe

windows10-2004-x64

1

nmap-7.60/nmap.exe

windows7-x64

1

nmap-7.60/nmap.exe

windows10-2004-x64

1

nmap-7.60/...93.exe

windows7-x64

7

nmap-7.60/...93.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DiagReport.bat

windows7-x64

1

DiagReport.bat

windows10-2004-x64

1

DiagReport.ps1

windows7-x64

1

DiagReport.ps1

windows10-2004-x64

1

NPFInstall.exe

windows7-x64

4

NPFInstall.exe

windows10-2004-x64

4

NPFInstall2.exe

windows7-x64

4

NPFInstall2.exe

windows10-2004-x64

4

nmap-7.60/nping.exe

windows7-x64

1

nmap-7.60/nping.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DiagReport.ps1

  • Size

    8KB

  • MD5

    7457f5e88035d91752f988df57aa0689

  • SHA1

    8cbd43f00fdc2ae2b0ac7429454eb7708031ee70

  • SHA256

    4180f15d32e84d1f3ed1c256bdc86f73d96e6615b3a10bf67bfc50c30a9912ed

  • SHA512

    2ccfe0eb0724461fc123f9693724386426497ed7236a5180475223528610216dab9f5b4d61a53dc6882322aec3414b7b9a1c39d651a6a289ba40e29d51575916

  • SSDEEP

    96:4g+14dBdsaHQCMMavbtBG7IYMGOUU+Sz1ROVP7BNE9dn:4x4dBdsaHQZMay6W1X3Kh

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\DiagReport.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5016
    • C:\Windows\system32\notepad.exe
      "C:\Windows\system32\notepad.exe" C:\Users\Admin\AppData\Local\Temp\DiagReport-20240420-062741.txt
      2⤵
        PID:1428

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\DiagReport-20240420-062741.txt
      Filesize

      47KB

      MD5

      6ab4982d6b6180318dec7dfc7419ea53

      SHA1

      39dbfb9082ac9188f94b54f78d91e4305bca5b83

      SHA256

      83b7f8ea4f87cfd393df7279ebac5a02b5687bb62f5193f9a1a020d8986442fa

      SHA512

      f79978c6dc6fda67b82580b3a102204991e21db7f0c76e8ce6b78fe807f6ae40d15ce1d4a6833a916b526efba26ec40527d819d41137c3d406928b804738e0b1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uoperwmn.n1s.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/5016-7-0x0000026EBB9F0000-0x0000026EBBA12000-memory.dmp

      Filesize

      136KB

      Download

    • memory/5016-10-0x00007FF973090000-0x00007FF973B51000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/5016-11-0x0000026EBBA30000-0x0000026EBBA40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5016-12-0x0000026EBBA30000-0x0000026EBBA40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5016-13-0x0000026EBBA30000-0x0000026EBBA40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5016-14-0x0000026EBBA30000-0x0000026EBBA40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5016-18-0x0000026EBBB40000-0x0000026EBBD5C000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/5016-20-0x00007FF973090000-0x00007FF973B51000-memory.dmp

      Filesize

      10.8MB

      Download