Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

62530bcccb...f8.cmd

windows7-x64

3

62530bcccb...f8.cmd

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 13:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8.cmd

  • Size

    1KB

  • MD5

    acd0ea2571fae686554e0be7c5d71d1a

  • SHA1

    6853c3d910064c2ee4598c0fc66b56016663861c

  • SHA256

    62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8

  • SHA512

    78fbc61d42021a06b993091e2b9e034db438bf3d0f10f2b0bfcc391008590f3235675a46cdd30625a5da9bcccdbaa492b408370146d3bda4388c96c764516213

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\62530bcccbb2524a0b33eba537eee508b3c86b5b535bffaf24b5d50c1fc8e5f8.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -ExecutionPolicy Bypass -File "C:\Users\Admin\Pictures\install.ps1"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1300

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1300-4-0x000007FEF5DBE000-0x000007FEF5DBF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1300-5-0x000000001B6C0000-0x000000001B9A2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1300-7-0x0000000001E24000-0x0000000001E27000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1300-8-0x000007FEF5B00000-0x000007FEF649D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1300-6-0x0000000002970000-0x0000000002978000-memory.dmp

    Filesize

    32KB

    Download