Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

4

Install_Xf...b9.exe

windows7-x64

7

Install_Xf...b9.exe

windows10-2004-x64

7

$DOCUMENTS...se.ps1

windows7-x64

3

$DOCUMENTS...se.ps1

windows10-2004-x64

3

$DOCUMENTS...al.pdf

windows7-x64

1

$DOCUMENTS...al.pdf

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_12_/Serum_x64.dll

windows7-x64

1

$_12_/Serum_x64.dll

windows10-2004-x64

1

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

Serum.dll

windows7-x64

3

Serum.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    05/06/2024, 13:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DOCUMENTS/Xfer/Serum Presets/Noises/Analog/SH1 Noise.ps1

  • Size

    172KB

  • MD5

    b7a5497d00ac747d0a77ef2ce5d6b7cd

  • SHA1

    c3981be1a791d3f8925c1b6cb6468211534bdaeb

  • SHA256

    c5e14f2f716769bba3efa8a8956b43cf7d436876afb3f0a238813b3a4b6e8f55

  • SHA512

    519962341caf3f7c203c294b0fb678fa7d432999d70ea6b48af09a256d4d038f656b5e2b7acb8038496a0b560fa36d704e54de10590d4fdd3379d58773fd0be9

  • SSDEEP

    3072:w/mWOgcQBhHM5RBpCOzUl9ynZWu/Nj4HqMXB74076UCXicsGKHcEhr:w/mHgThHMbCOwfYZWENEKMXB007+ts5V

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\$DOCUMENTS\Xfer\Serum Presets\Noises\Analog\SH1 Noise.ps1"
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1844-4-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1844-5-0x000000001B610000-0x000000001B8F2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1844-6-0x00000000027E0000-0x00000000027E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1844-7-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1844-8-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1844-9-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1844-10-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download