Analysis
max time kernel: 119s
max time network: 127s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 24/05/2024, 13:25
Static task
static1

Behavioral task
behavioral1
Sample: 62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8.cmd
Resource: win7-20240215-en
4 signatures
150 seconds

Behavioral task
behavioral2
Sample: 62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8.cmd
Resource: win10v2004-20240426-en
4 signatures
150 seconds
General
Target: 62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8.cmd
Size: 1KB
MD5: acd0ea2571fae686554e0be7c5d71d1a
SHA1: 6853c3d910064c2ee4598c0fc66b56016663861c
SHA256: 62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8
SHA512: 78fbc61d42021a06b993091e2b9e034db438bf3d0f10f2b0bfcc391008590f3235675a46cdd30625a5da9bcccdbaa492b408370146d3bda4388c96c764516213
Score: 3/10

Malware Config

Signatures

pid   Process
1300  powershell.exe

Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid   Process
1300  powershell.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description              pid   Process
Token: SeDebugPrivilege  1300  powershell.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process  procid_target
PID 2384 wrote to memory of 1300  2384  cmd.exe  29
PID 2384 wrote to memory of 1300  2384  cmd.exe  29
PID 2384 wrote to memory of 1300  2384  cmd.exe  29
Processes

C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8.cmd"
  PID: 2384
  - Suspicious use of WriteProcessMemory

  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (child of PID 2384)
    powershell -ExecutionPolicy Bypass -File "C:\Users\Admin\Pictures\install.ps1"
    PID: 1300
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken