Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

WqZxLxZrOr...Tu.ps1

windows7-x64

3

WqZxLxZrOr...Tu.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2024, 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WqZxLxZrOrnMWYaBaBKdLenVTu.ps1

  • Size

    5KB

  • MD5

    9e627a249d5f4f80c19ff51169a7db10

  • SHA1

    2f8ee955a8765d25170ef3a0c36356d0dbe42c85

  • SHA256

    f491d8b510ee283d24d40aa5233743d8cf834a164d0f681af8870dd1f35b734c

  • SHA512

    02dd75ce82af639aff79e29fe7f3581b668a337eadea9bf2f00a35740c23d1e509a714ab5e1ddcfbe8598022ed69eac56db181cfd5bcb555fb08253b4159305f

  • SSDEEP

    96:nGzO1DZtqKMPfas4g54jP5fPceEn6dYPJ/P8eEHPyUXPceEn6dYPJ/P8eEHPyb:nT1DDGPfBXOjP5fkpnxPJ/EpHPyUXkpB

Score
3/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\WqZxLxZrOrnMWYaBaBKdLenVTu.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.wsj.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c1e6d3e1e2aafcaf89347eecbe81b17

    SHA1

    b8ce730c5c67d82dc52f939a1835227ab16bb4cf

    SHA256

    67eb4d7e9b5d7a1b0f82afeebef76cee9433ba60608c37cb2ac80279c8353d8e

    SHA512

    8e197e7225bcc3271985f0ad606acbdcd3e5e3b2f5f34377eb632ec5736748a8def6728b1861a8de6ad5943674f68a1f838b7015a10ae85a2fb57924f0d54030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    373e525a9e4feef2c4cb4a1d7bf485a6

    SHA1

    f08f716d377ba9f4b06c389447862c2db5b00a69

    SHA256

    17d863b7a2d422bc1cf4a7b93ab7aa05330c4044a8076ac2bb3c3a35bc0babb7

    SHA512

    d9bd80385a61187fe5d193d6c39542c733c36b155b4784a3787fb9bd7914cb407ebf0d371416b4c9ef190f405448fea9b574df7ccb86a288ba4ea82adfaad746

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    397492e21c9b57a1e832fe1b3fc50dca

    SHA1

    b5e0e3d7cd5c01007f25cde18276ed5cbb059003

    SHA256

    3f448467bb1e06720dc293605f53ce19ebed766286213a3903218670e076b819

    SHA512

    9dab423ea312b39154810d5e26dae4340b76da15e2258a5613188dfaefe81e21521cb36d93d462a2ccb2026e75daa8615b13f7fd70362821c7ec53ae2dcd79b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    717a8c121a0d62351b11ffd2e2309baa

    SHA1

    302f25316c06f310d0e72db0fb187c706214f676

    SHA256

    79fbc1124add9081b435ed59a4b3d681d77c410a73be7c8ef23769eef91e7597

    SHA512

    9e7c555e23d42a4ebef316b397f54f9f780c59e6938759bcacf9aa1e656c43c5b42eeaaf30b79e994d2006faf6abf778a2d39c5555fcaa1173d75e0b78c46ab2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bed39758d1e809f29fd3ceaea8c9fac

    SHA1

    6591e6277ca86628d1703619411f376f56ad78b1

    SHA256

    e8c3af2f335a4201372fefaa68215721efa043c5cb6f23894102e76311a1d162

    SHA512

    423d8a4efc5f544ec7d69b0bb25cf95e2019e14e3a4e06a0bed1ed9b79da71fe4d1faa173f62de2ea180c485ffc369095aef9c8d12a1588cc74c3bbde99cd296

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e227dbccef86611a326d6f944d86cf86

    SHA1

    30c669cefbde64f733c5de605bacfe63418fa055

    SHA256

    2d59b7a7b75e8da80029c32b6b4c68342b4936202770c25382a40473898b84c2

    SHA512

    c3d53ed4276f1902ad4dd43a6eacb48406dff5851a862ec5919a8aa909f96314e7a6932171d13d61440abf626458726326dd8a1ca09c4ef768e85271c41f850a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7d1c3b30f9152bbfe0b08479dcf002e

    SHA1

    c5da9f7087abca6673e64610c4c9d0f24a9a03bf

    SHA256

    2511d966951663a434b49a60f1375cce04d2b21e7e6764cfbb6d798a1a780486

    SHA512

    7c2ab11de33ca52f0ab53034121316b1a5c224fb6e39edfd9f2b60794648bdd98f267b408caa0f342f2edb6fc6a6ddaebf870dbb84d25b33da6d9de018ba9c57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6922f1843ab673a8db89bc677dc3a044

    SHA1

    7bcd37bad5b16e606f2eef0ea99786c380457e81

    SHA256

    44253586b4f0248efab78923893eb7897ff9365e522e0c550d44688bc3d2501e

    SHA512

    84f97f18c531dbd149333d8df71b785d4a8c0266f8d27333b51824a56e789690703a4e48e74ea483e632d26e247ac48516133dcef6b60ce7da3f1a640f4470fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebe4fd23db40bc51056792c86f868555

    SHA1

    22c02eec4dae9bc8d7fc5917aad9c44ae378d4b9

    SHA256

    b2e39c513acf70f160f06c0d213df3d15721c98606f3ced6d1e6f0d940bb4a3b

    SHA512

    a3a8692ce37474b4225a257326e43e9f03e725687de6d1dc261cef9d278e13e2b03c7e48dda3ce19cc44107199a47c1c8de0c4eebaa197e7841923b7e2f877b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d7d5bec4d7d01312d7f67915eab7963

    SHA1

    06cb0a547ace3ad9fe658287b8d2a7343bb397a0

    SHA256

    044d7718034b157eabc02c1b81e27798b1f93a8f1f56d90743ffa680b5dd82b0

    SHA512

    269b6683f3bb4c81c268eedab21ecadd8c5c63bb0005b6a33bc2f35ed79af87c39295c2d3d12cbaadc5014ecc8b0c12af8e294fe152a5dd62349a8fcb9d4f6fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87b1a40ec06fc3eab14d2d1f17c119c2

    SHA1

    25290192f8f3de47869ac8c6c2456b49b41589d6

    SHA256

    250830d83ee10bea65e72d00f0a6294ece6fa914341dd884d9a92a98a733a76f

    SHA512

    54493122da53d770850fbcfdeeb1f77de8b64f5e7eb1f45570082627fbcc94e5d771c0b6484adf46592112e81d0f310ff547fdb343a901e388d0f822dfd67cbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b2ef44ff11736e1329c2e8eb3001c57

    SHA1

    75a43a742a9b828fde8df26b757a87c859fb539e

    SHA256

    0549fa9fc3e9bbc20d76ee40a2f26c8a542c5729707bb81f0ca91a4e3a248361

    SHA512

    d3ea7ac5f195660e17229996fb3e26eb934fba6ed33fda22f1c3c53d7a05d58a8ed0cd413f3ade3ff9f281865847a362aa9a2bb11dfdb0615a684a6810fcf823

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5741f1d920bad7e38d5c834abfbf014d

    SHA1

    546cfb4372c75b0d6bf096266c552fcf00c3727d

    SHA256

    46a84f19b4d20f8b78aacac3d712c8ca3a2c938ede7af292eae752c9141e937c

    SHA512

    2af0b726de3118cdd2011e012b5f92474f0f84f0e42aad77355246171a06b686a10eafa66c21e7e81fcfff634c3ab12f9b9edf784fd79947c0e24def8d9e57da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c322092e0e52e973b54421a5e0fdd66c

    SHA1

    48e6712cd9b6ac0c81657a186842327f3d6d0d41

    SHA256

    eabf9b3aff7e420d789f3d71dbb22289a76b2229742ef19194dc63f86103687f

    SHA512

    cf6958e83b2c6922c51450edfabcb1f530cfb419da480b8eb05283f2a56d978a0747c6d9003adca1387867ae3514b472d86910a15221af6c3146f1fdd210720f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56c1b1ccf58f1a293f1408e67f620e34

    SHA1

    dabe8d55f5d86e0cd95b6b07093e229cc56e63ed

    SHA256

    743e1d5ae02ec785dba10172189025217d702ccba3f491cbfd614403bd519747

    SHA512

    dc153c7c3b2a152c3f18443e3456b74830c36f9278ec3c952ba8356902857fe17d3fa85b0420ed5698a10d41b1c77208b92ac39f15f45bbb091fdcb4ccbf4690

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddec92da0e615202e6276be68a9fc4d7

    SHA1

    07cb6550bcc925d708c3a56e09b815d44d14e94c

    SHA256

    e81657de9cc4473f0d8a55ac5a2b89400f3f6175d3bdf46076997f076afcbadf

    SHA512

    490c2e597a22bfee131a122aace5854fe8f6d9e6e3a4d2719cb552de0bd9d97937399334a6817bcce36ba999a1bf34a790b238c118e48cc47cc6694a06fda956

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f4d2655acee9394d54c34e56b86e6761

    SHA1

    becfd996411b165432b87b241cd4e7968f82209c

    SHA256

    e087b9d54c1fe1270f20c2cc33e88cfa8b62eb7eceafa5997d1aec6fa3b845d8

    SHA512

    0aabf12a4f61735917af31c6a2601a4b520da8ea4cabbe3a5400884464dd53a2058739a2ddb3704a70833994fd2fe335ff35a3a3975cc5691d0b4acc7434fe0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dd474b0ff1174a1f60646889dc96a07

    SHA1

    bf6a903d89834fc179691cf3075845bb771505d8

    SHA256

    78f990a5585ba8aaa0a146af6fb9d20e22f61403ea0a6414c4f7cf2d59dc0be4

    SHA512

    70380e898c733d07e8f9f52a79ce8eeaf3db4cc3cabd549dd4b4b8a6649eb8c913bf2d113dfc42c3b16257056abeb7415514130d7a09f1cc3cd2081bab792d1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5e0bbae78b4f2b0be779fe1ccc286e7

    SHA1

    206f18d68fa9bbfe56814f8030d52dc7bcdbb6cb

    SHA256

    27e228f933e798620f2217a0083d7fce14c113b21a92c9401bce9af2a124a8d1

    SHA512

    f25c8bf41fd650a0c28d6fa596151406e930723d81f5870b27431dea1c010783e95f59bfae4db9cae56d7e18604bb9906074096c8a354eb0d613bfb71e97477e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab42CB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar435D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    7KB

    MD5

    54b2c65d61400abe7ac794231ffa0dbb

    SHA1

    863f8d088041f5f175a08addaab42ea5038f6ab9

    SHA256

    662a4f992ffdba094e9fe2c5e72ac345785c2ea2192d5123191b18b8b9212f2c

    SHA512

    c557660fdc676c864823f7ec5c65b9bbcd136ba1029d505b4c1c3580c358f2c73802c130923f96eed14d6922c9ce20159b3fc271df87635fb31a5cb23e9a0820

    Download Submit

  • memory/2644-11-0x0000000002B10000-0x0000000002B42000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2644-10-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2644-9-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2644-8-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2644-7-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2644-6-0x0000000001D20000-0x0000000001D28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2644-5-0x000000001B830000-0x000000001BB12000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2644-20-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2644-12-0x0000000002B10000-0x0000000002B42000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2644-13-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2644-4-0x000007FEF62EE000-0x000007FEF62EF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2756-19-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2756-21-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

    Filesize

    9.6MB

    Download