Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

.txt

windows10-1703-x64

1

Analysis

  • max time kernel
    79s
  • max time network
    88s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/09/2024, 16:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .txt

  • Size

    104B

  • MD5

    bf7bed005fc49501e15c3bf57f081e11

  • SHA1

    929fc7e522cca12efa435fe5a2584e564b3d79b5

  • SHA256

    e73a344ca155fa17b20809d1673a4176a4db5e375056abb476cd8ca7111437a4

  • SHA512

    a2199205e0861f6b56e6d4e4b9823e16b19bf80c301c6743510b0b169be0c6b55be8ecf1da9ed90b2564f6df9c9d497645133f5f27b3fa50f0aad18e9e913589

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\.txt
    1⤵
      PID:2088
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2660
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1756

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
      Filesize

      3KB

      MD5

      42d4b1d78e6e092af15c7aef34e5cf45

      SHA1

      6cf9d0e674430680f67260194d3185667a2bb77b

      SHA256

      c4089b4313f7b8b74956faa2c4e15b9ffb1d9e5e29ac7e00a20c48b8f7aef5e0

      SHA512

      d31f065208766eea61facc91b23babb4c94906fb564dc06d114cbbc4068516f94032c764c188bed492509010c5dbe61f096d3e986e0ae3e70a170a9986458930

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
      Filesize

      2KB

      MD5

      7f07645b829551314a162055062a4df8

      SHA1

      c6b52fa996b93b44a6d8abcdf4131645dcad3694

      SHA256

      49502fe2be1c1f9122ba22ba95f6533e96d3a923deb698a5d67d54307085a32b

      SHA512

      4e87919985f63c9685dd8023b331a1703554b63eb427ae2157f7c6a9eb3743d81981dcd399e8921727ed453d1f39376c6f444a79ac7bba1e989b2573d1c33329

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2dtarhfa.hpa.ps1
      Filesize

      1B

      MD5

      c4ca4238a0b923820dcc509a6f75849b

      SHA1

      356a192b7913b04c54574d18c28d46e6395428ab

      SHA256

      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

      SHA512

      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
      Filesize

      104B

      MD5

      05eb64041dbff8a461ec27d905fb5de8

      SHA1

      fe00d23b59e734089f288e3f6869d040f0054cd4

      SHA256

      bad464e122c7a7989f21a65c87bb4a691d39c6dd7409da8e8733b3f423805048

      SHA512

      82ac16ceb602c868e5dff16adb0ea805eae8a9bb34a520ab26b9e336d18d4726aa52e76aac5429e68ad4d82305265ddfa396a5b3d00ede732730384313346954

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
      Filesize

      5KB

      MD5

      7d65858bb68f30bbde1992ca24817126

      SHA1

      fcc6e8afa8a8f2629a1a4a7665ac237981a4273b

      SHA256

      f84d862a6f7d0c63b4dc05921f636837d3a82ffd00eda140dd65a43018e8fbb9

      SHA512

      a238d85b6bba775aa47aad2e0679950ae519a7d631b447a2983ed5bfeb8d001581aff715809afac7f925b230634ec20517fa89bbe2b535717decd33a5c9458df

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
      Filesize

      5KB

      MD5

      e40b41c910f3ba282436759bb810d8e9

      SHA1

      d9f205b4000d57e39dee0018040b0d5d3a51495f

      SHA256

      198a30797e8f6d1bd74aedd2f2d6e175586867d0d12ab7793e710cfc88a5e192

      SHA512

      ba2c4dba893d07ad8f745a0eeb652424d5a4db579982aef1eb4b9129366b2ddeda0ee9e82a8f2f7c7dbecf089524bffa78f2666268ea78df95bf58f69c071a65

      Download Submit

    • memory/2660-47-0x000001C727280000-0x000001C7272F6000-memory.dmp

      Filesize

      472KB

      Download

    • memory/2660-65-0x00007FFE28683000-0x00007FFE28684000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2660-66-0x00007FFE28680000-0x00007FFE2906C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2660-72-0x00007FFE28680000-0x00007FFE2906C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2660-2-0x00007FFE28683000-0x00007FFE28684000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2660-36-0x000001C726D30000-0x000001C726D6C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/2660-33-0x00007FFE28680000-0x00007FFE2906C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2660-10-0x00007FFE28680000-0x00007FFE2906C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2660-7-0x000001C726BC0000-0x000001C726BE2000-memory.dmp

      Filesize

      136KB

      Download