Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

file01 - c...2).ps1

windows10-1703-x64

10

file01 - c...2).ps1

windows10-1703-x64

10

file01 - c...2).ps1

windows10-2004-x64

10

file01 - c...2).ps1

windows11-21h2-x64

10

file01 - c...3).ps1

windows10-2004-x64

10

file01 - c...3).ps1

windows10-1703-x64

10

file01 - c...3).ps1

windows10-2004-x64

10

file01 - c...3).ps1

windows11-21h2-x64

10

file01 - c...4).ps1

windows10-1703-x64

10

file01 - c...4).ps1

windows10-1703-x64

10

file01 - c...4).ps1

windows10-2004-x64

10

file01 - c...4).ps1

windows11-21h2-x64

10

file01 - c...5).ps1

windows7-x64

3

file01 - c...5).ps1

windows10-1703-x64

10

file01 - c...5).ps1

windows10-2004-x64

10

file01 - c...5).ps1

windows11-21h2-x64

10

file01 - c...6).ps1

windows10-2004-x64

10

file01 - c...6).ps1

windows10-1703-x64

10

file01 - c...6).ps1

windows10-2004-x64

10

file01 - c...6).ps1

windows11-21h2-x64

10

file01 - c...7).ps1

windows10-2004-x64

10

file01 - c...7).ps1

windows10-1703-x64

10

file01 - c...7).ps1

windows10-2004-x64

10

file01 - c...7).ps1

windows11-21h2-x64

10

file01 - c...8).ps1

windows10-2004-x64

3

file01 - c...8).ps1

windows10-1703-x64

10

file01 - c...8).ps1

windows10-2004-x64

10

file01 - c...8).ps1

windows11-21h2-x64

10

file01 - c...9).ps1

windows7-x64

3

file01 - c...9).ps1

windows10-1703-x64

10

file01 - c...9).ps1

windows10-2004-x64

3

file01 - c...9).ps1

windows11-21h2-x64

3

Resubmissions

27/05/2024, 18:28 UTC

240527-w4c4xsdc7w 10

27/05/2024, 18:28 UTC

240527-w4c4xsdc7v 10

27/05/2024, 18:28 UTC

240527-w4cs6aed49 10

27/05/2024, 18:28 UTC

240527-w4cs6aed48 10

27/05/2024, 18:28 UTC

240527-w4cs6aed47 10

27/05/2024, 18:28 UTC

240527-w4c4xsed52

Analysis

  • max time kernel
    1582s
  • max time network
    1597s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/05/2024, 18:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file01 - copia (9).ps1

  • Size

    510B

  • MD5

    2dcb4d51653aec1a829f3232d69f5e12

  • SHA1

    dd096e7d800b9f3ca0edc64955b4464d71789f80

  • SHA256

    d1902d3e519d0d87097fd8969280bd01bd139a5191faadaed0149e61b4a7495c

  • SHA512

    7def3731bbb3f7ac3895edcf14c645bbcc0608f09c6b03bf7ddaebf049f1f6f1aad4086548ab9fce7b2bbefd837de8377f8b81cf94022d84e35f1bba0af89143

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\file01 - copia (9).ps1"
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2560

Network

  • flag-us
    DNS
    github.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
  • flag-us
    DNS
    github.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
  • flag-us
    DNS
    github.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
  • flag-us
    DNS
    github.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
  • flag-us
    DNS
    github.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
No results found
  • 8.8.8.8:53
    github.com
    dns
    powershell.exe
    280 B
     5

    DNS Request

    github.com

    DNS Request

    github.com

    DNS Request

    github.com

    DNS Request

    github.com

    DNS Request

    github.com

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    330 B
     5

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xwyc4whd.nrj.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/2560-0-0x00007FFCFA0A3000-0x00007FFCFA0A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2560-1-0x000001E5FA360000-0x000001E5FA382000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2560-11-0x00007FFCFA0A0000-0x00007FFCFAB61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2560-12-0x00007FFCFA0A0000-0x00007FFCFAB61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2560-13-0x00007FFCFA0A0000-0x00007FFCFAB61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2560-14-0x00007FFCFA0A0000-0x00007FFCFAB61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2560-15-0x00007FFCFA0A3000-0x00007FFCFA0A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2560-16-0x00007FFCFA0A0000-0x00007FFCFAB61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2560-17-0x00007FFCFA0A0000-0x00007FFCFAB61000-memory.dmp

    Filesize

    10.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.