Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

5a67f81284...ed.ps1

windows7-x64

3

5a67f81284...ed.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    15s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2024, 07:17 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a67f81284ba203f257991151ab560b8ba845903c45467890ce61cfb94f1dded.ps1

  • Size

    2KB

  • MD5

    0c04263105e8f9d89486572d354f3598

  • SHA1

    cc4ebb167932bea45492031736d5a05788c4e07d

  • SHA256

    5a67f81284ba203f257991151ab560b8ba845903c45467890ce61cfb94f1dded

  • SHA512

    e3251bbf2df8ac2dbb438197f94529ad3c23c749dc274cfce906cc25f34632145d8a54a7d5701f900c969d6ba376c034290500c2bfc834e4a6c376804f03394e

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\5a67f81284ba203f257991151ab560b8ba845903c45467890ce61cfb94f1dded.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2276-4-0x000007FEF592E000-0x000007FEF592F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2276-5-0x000000001B430000-0x000000001B712000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2276-6-0x0000000002330000-0x0000000002338000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2276-7-0x000007FEF5670000-0x000007FEF600D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2276-8-0x000007FEF5670000-0x000007FEF600D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2276-9-0x000007FEF5670000-0x000007FEF600D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2276-10-0x000007FEF5670000-0x000007FEF600D000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.