Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

code.ps1

windows7-x64

3

code.ps1

android-9-x86

code.ps1

android-10-x64

code.ps1

android-11-x64

code.ps1

macos-10.15-amd64

4

Analysis

  • max time kernel
    359s
  • max time network
    362s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2024, 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    code.ps1

  • Size

    12B

  • MD5

    9076483f9473251c946cb3f675f2007a

  • SHA1

    ec28ed46fd5e5d1b9cb4b332a85889757b7af4e2

  • SHA256

    dd69129f2285514fff0937e3b895eae52011e620e767ab4f7488511afb0f7052

  • SHA512

    f62ff063851bd7f2b113de9d3de8c1ae96aadc219c6515d4f75779fff9a450f3ee57958369e43ec2f04ddc4d33114835f8a8ab323a2334645d72f92259b4c796

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\code.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Windows\system32\PING.EXE
      "C:\Windows\system32\PING.EXE" fbi.gov
      2⤵
      • Runs ping.exe
      PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1700-4-0x000007FEF5A0E000-0x000007FEF5A0F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1700-6-0x0000000002990000-0x0000000002998000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1700-5-0x000000001B6C0000-0x000000001B9A2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1700-7-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1700-8-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1700-9-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1700-10-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1700-11-0x000007FEF5750000-0x000007FEF60ED000-memory.dmp

    Filesize

    9.6MB

    Download