Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

admin.ps1

windows7-x64

3

admin.ps1

windows10-2004-x64

3

admin/comment.ps1

windows7-x64

3

admin/comment.ps1

windows10-2004-x64

3

admin/global.js

windows7-x64

3

admin/global.js

windows10-2004-x64

3

admin/list.ps1

windows7-x64

3

admin/list.ps1

windows10-2004-x64

3

admin/module.ps1

windows7-x64

3

admin/module.ps1

windows10-2004-x64

3

admin/mysql.ps1

windows7-x64

3

admin/mysql.ps1

windows10-2004-x64

3

admin/replace.ps1

windows7-x64

6

admin/replace.ps1

windows10-2004-x64

6

admin/sort.ps1

windows7-x64

3

admin/sort.ps1

windows10-2004-x64

3

admin/spsort.ps1

windows7-x64

3

admin/spsort.ps1

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

1

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

3

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...nu.htm

windows7-x64

3

admin/temp...nu.htm

windows10-2004-x64

3

admin/temp...et.htm

windows7-x64

3

admin/temp...et.htm

windows10-2004-x64

3

admin/temp...st.htm

windows7-x64

3

admin/temp...st.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    admin/comment.ps1

  • Size

    2KB

  • MD5

    3a84264c3b37cdffe7ab08710e208532

  • SHA1

    2b097fcb8a71c6525124f96f414f871be9c47035

  • SHA256

    9c72e0ddae9ea1e14369ac9946f8cee383a6545bde69481b6e4cc02b956a5c2e

  • SHA512

    94991ce18d2c08f8c0b17385c1354993ed3b1a4612c38eed1a7a9735149f50498e474a8ff054edb5a7875535ec941ae2f61798eb4c0fdc914fe25cf2024ba1fd

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\admin\comment.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2272

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2272-4-0x000007FEF547E000-0x000007FEF547F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-6-0x0000000001E80000-0x0000000001E88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2272-5-0x000000001B740000-0x000000001BA22000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2272-7-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2272-8-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2272-9-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2272-10-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2272-11-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2272-12-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

    Filesize

    9.6MB

    Download