Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

f4052e52fe...b5.ps1

windows7-x64

3

f4052e52fe...b5.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 01:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5.ps1

  • Size

    2KB

  • MD5

    797992ab276d218d7feb2e6e8b2fd678

  • SHA1

    99cfbecaebc79e723603997fb2102363319103eb

  • SHA256

    f4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5

  • SHA512

    702007e1ea9df25b54d996a8fcfea344812bd58f5fe70b1e7d1ba528ee1968148536c7a4c8bcd8e22d2087d539485fcd63e639449f1243cea62d513d82952479

Score
3/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\f4052e52fed661fd05ea39a5187781ec6c234c5d7ea4ab91cd77f2e1d2c709b5.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://meet.google.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_57DA74490ED7A10816EF04437EA06DB2
    Filesize

    471B

    MD5

    5d3536f05abe749c4503d2ed7be4cc90

    SHA1

    89cbe1f4a6930c4f369b3077b1a09b1ccb7f6506

    SHA256

    77ccaf9b9cec727bfc8f71f8b6e2c15764ccb898533f3d4edccd6b7c169cdb6c

    SHA512

    35781c44d309dc0ce31c7777a15186291c6b5043cab7f9518c48608b10317de7fd6545a3f238662e40ba18457e530f020187e13a37c65fe9be496a46d0b0c163

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_D1B27FE7BE3D1D3B980BDEFA8B81E20A
    Filesize

    471B

    MD5

    b090f94d2002c8069c9ccc8e336130a1

    SHA1

    882e73b06cac2fe1db07cf7a684e3ce6d3d1ca09

    SHA256

    6e4c342b6d37f52eabcbbf89b51962a065c447a2e7e6f9e2b7d862be27aad2cc

    SHA512

    7ea76c7d3372be4aa0e340dd1fe84f72f871994621bc98cc9e0d1505f7df6d03282e0153a2bc634b06dca9c41d3891feff35f963274282f4409ee3ec2b06a7b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    50dcc1aabedcc76ab954dc5abd4950ec

    SHA1

    f6634dd1a548576b78805d8deec7c57c064245d2

    SHA256

    55fb62f0cb0e48c4befc05e94a3f9a317cf91111e87fb3073c127a112b197d4f

    SHA512

    175b652905352e5d1b7275b6b37ca50656f183e78c2abc9bb70118eae7509993c8239ecaac53f24f229fc678c5894cda585069be251da5adb32969a0167b21ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdbff15131912a603f5d776a5c00d10b

    SHA1

    b32ab0d858ece0eba6e36ead587c9ae6310d9083

    SHA256

    bcf39fad4be3cfa1b8c9fdf2703630925d5596e82ade021e60ca731dbca996f7

    SHA512

    02f13ed61c97403aa32e4911d2f2004452bf43ecc2cc7a574d9ed2af69aa15317cfd71f5b989c782dd232a650bbfb6cf4443112f33694a48ca950d482e74339e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2012772addafcfe58e5bad0f75fabc6

    SHA1

    4ee0e3fd4cfaf7e7caf382266fb83c55be647119

    SHA256

    95e441a3291dc5b2baa5de78e6342fc6682cec0400b1715872a0eb84a46c9dd9

    SHA512

    5a0e033a9099b8b04fe846465fd5659f71f42765a3dee82a56fa3602926a97db267df78a48d50f641ea64e0069844daf829cc5715afb627b2007f7485320bc07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c7080938f003319689acde00a5bc678

    SHA1

    b835295774235d8b6721bc0bb5eb57ce5d94a8e2

    SHA256

    ef86642b13af7b05db1f95f3a9de54b7cddbd3f064ec4736d95b8fd6a8cc4c57

    SHA512

    32caab49328cf360443ecc6a9ebafb2755ecac8bb816e2a6ca5d0cd1f3eb3e92751de31befdd6a20a1be6f698647c56db41a8040ddd5a9157ad013a8fb79ef21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d6b197aa335450c12c52cd10179ca5b

    SHA1

    281a3821038fb5612e6d60264bea5765eb8b80f8

    SHA256

    7d62fa4a2720a2b66794f6f68afaac1d023fb614cddb867d450c0cef3b3e2f0c

    SHA512

    83741bd97f81b86d11a5d9a43d8ff0fff843013e06f6202ea62a8814b8ab0f9e3a3f2ce83d8df028975a809a065efecd31de0aa0a2c943710932370decab17f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c5c6c58fd5aabc8b9e11a015dbcef81

    SHA1

    d664f07f431da7e8a53fcc543064835f4888d6b1

    SHA256

    bc314d752b80b36a6151ce5c92407ced219485566fc8332c0f15562e611d6439

    SHA512

    76646dcc8e0acd9ea41e18d8f18a54dd0eea9239580f00ce43e9479d4a7cc89e483b9ef1ac3e24f83c49136fe2ec5b7179ce42101fb41efb00a001cc9df1fe42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a763a57fc130d1741ab9b046b721afec

    SHA1

    52820a53597c35b35ad03aa93a71dd3261c695bb

    SHA256

    6e1517cd451768a0f3cdf48963cdc366ecd8b8d77e99b9058eae861a0770e28e

    SHA512

    afb06151a0ee9138c89f50c713bfc8608369fb0574acd3f68eb8a2dc4ce212359596946ee16bf67f3ca00c2df599186f037c66376e789861e5f6b21ac65ce346

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed58c61d7afb544f1a4ed9fb0e25e6ae

    SHA1

    02b6f53a7553b3ce57edff85ded6b0fed3122dbc

    SHA256

    98c924a18687a34b11fe5c1b171cd5e6c0f5f0a849af4f356cb74c0d47ce39ac

    SHA512

    c294a5dab8a83ee7b2d590b3c398379d1675c6bfb07adaa98725e0a82049c291a8394c4635c269f114cfb1f1d8d04baa5e48306cf389ad06e17b18db8080ba9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0604947a9dacb29b61fd220ef7c69e78

    SHA1

    0396528f1907ece1f3c7b7617e1b98ecbd9cdc85

    SHA256

    0dab3bc3043adecf372e03d18928b2386f2d0c9636d9164cc3a474647b9a2c7e

    SHA512

    eecae41710957a02f4b75e086e267a39a6083cef6e580d997e07810f0633a32ca4f4eb1d8ee710e9cbd8397d2853818ae7b3524a6ae5b140e5d6cc074e8cadba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_57DA74490ED7A10816EF04437EA06DB2
    Filesize

    406B

    MD5

    1daf0b54134f13051f933f269f0246e3

    SHA1

    0f0c2299045ffdbdc2b36ae8536259771766830d

    SHA256

    81717b01fe6fda1b2250a5568b8c298bd6540681850fd59ae259e2dfabf314bb

    SHA512

    953e763c212d9d0bae517de300cfa576daea3b02c744070d30c2bc494372c030f2003b923f0f63cb43a7c932cc0908625b380ffe26c3dc13483eff902ff3593d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_D1B27FE7BE3D1D3B980BDEFA8B81E20A
    Filesize

    402B

    MD5

    634ceee3dc250654a8ba076c3937a963

    SHA1

    96f6da21615b69ab23606b89529908a745b88e2a

    SHA256

    6e2a5af73141182670ab76453333bc3391c1101710f384829cdfcc360ab2399c

    SHA512

    1e2a59d39385e7f834f953c9fbe293069233421e26df0bbeb2e7110cc31f4291cf7e2d67ba056989cd87bef8be66dd12e5099a933e565f2a4afc5e1f9bb7cd18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    e3080f39d8fa575dc09289fa89e3d0a9

    SHA1

    47ca12cfa1d92f3dfe9e54d98e69f83f89f8ab5c

    SHA256

    da8a818e8114b332fae9b18f85627553a1544199b3748247b8f232d7947307c6

    SHA512

    21067f19ef4fb91451ddc0ee45652930f4e0db85ea7c372d5afd2f3aa86b0607f86e2257ffe7fe7517941b205e670d46827a2f7e1bb4ad342ac06f05259649e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e1ur8h2\imagestore.dat
    Filesize

    5KB

    MD5

    9821c6584a0210e7cf56b3b3d4eac164

    SHA1

    a02a5e4197abfcf4f8dcb584f8ede8cbb267f96c

    SHA256

    2d49f4f5dc0b0345f3a9c73bac3f0fb44c07dba3acef9799871d06b66c4da8f1

    SHA512

    6909a131443acb8d9f0790ff0a10f320552ecdf07f7afde4089be6d0e0de0c1b8b38b89221a9567b32796d3a3ce98ee4294bfe252c8c9e5f567a82705d662f25

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab58D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar590.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    7KB

    MD5

    67b38b64b298cb40ab82ed44af538938

    SHA1

    c55bdea3f42a7c98946ff65130c0feb012a76e5a

    SHA256

    79a7087376a213b2a9ab7eb2c007a1d538cc6e7759f5d0a3d7b26791fd90ab43

    SHA512

    3ddabe571a3f79ee45ec3b93ee2531260150ba4fbf51878f17eec998c8bc8355953f59cbf4f5b417500fb190042c7d653656f87a620297c6cfc43a964143451e

    Download Submit

  • memory/2572-11-0x0000000002AF0000-0x0000000002B22000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2572-13-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2572-12-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2572-10-0x0000000002AF0000-0x0000000002B22000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2572-20-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2572-9-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2572-8-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2572-4-0x000007FEF5F8E000-0x000007FEF5F8F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2572-7-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2572-6-0x0000000001E90000-0x0000000001E98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2572-5-0x000000001B660000-0x000000001B942000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2956-19-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2956-21-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download