Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
05/08/2024, 12:56
General
-
Target
Kematian-main/frontend-src/antivm.ps1
-
Size
6KB
-
MD5
296f3b3bd61aea4469ac394414ff7593
-
SHA1
1398a63edd7f41e8d115cb0cd52173f6d2ccea7e
-
SHA256
5fcbb655f62ef6f549ce387796db9b56973c048d276c2872565fff32ec84371c
-
SHA512
c2880422dcf428f2a8308d421d2f9f6368d7e58f9838f831e08b4c565c2af17fd79ca57905d88bca8ecbcf8a141b936d77896c199ef35baa7ca184ed890dd542
-
SSDEEP
192:Nx+lLbherrTi1ZXzjxrGCyma8qcfg7vrBL5y:DylxLb8zy
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Kematian-main\frontend-src\antivm.ps11⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
8KB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB