Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...23.zip

windows7-x64

4

JaffaCakes...23.zip

windows10-2004-x64

1

Client.exe

windows7-x64

10

Client.exe

windows10-2004-x64

10

Editor.exe

windows7-x64

10

Editor.exe

windows10-2004-x64

10

OptixPRO T...an.pdf

windows7-x64

3

OptixPRO T...an.pdf

windows10-2004-x64

3

Server.exe

windows7-x64

10

Server.exe

windows10-2004-x64

10

README.vbs

windows7-x64

1

README.vbs

windows10-2004-x64

1

setup.ps1

windows7-x64

6

setup.ps1

windows10-2004-x64

6

subseven.ps1

windows7-x64

3

subseven.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/01/2025, 00:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.ps1

  • Size

    15KB

  • MD5

    86be38f00562db610b793b264700a9bb

  • SHA1

    f30e7c822ab79fb3c0852b42c0df990a88a35e93

  • SHA256

    7a1cdc4657a9ad76631e6f084eaac6085ab28001e66634207e78e65f82438806

  • SHA512

    66172fdce1d1477e318135c0eba1f4606d27cb806a64637ec0915447721ef4a119d1faffe130c39033fd9a75a4098a01ab04480001f99f3a99680ed9dabbb078

  • SSDEEP

    192:tYN8eNBxD8Y/pEO69KM4Ito9vNORuKvluRAIicEvE3TKJwgVTX2:m60NJ7M4rOMYURA7aOi

Score
6/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\setup.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2012-4-0x000007FEF5CAE000-0x000007FEF5CAF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-5-0x000000001B720000-0x000000001BA02000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2012-6-0x0000000001EF0000-0x0000000001EF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2012-7-0x000007FEF59F0000-0x000007FEF638D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2012-10-0x00000000029EB000-0x0000000002A52000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2012-9-0x00000000029E4000-0x00000000029E7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2012-8-0x000007FEF59F0000-0x000007FEF638D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2012-11-0x000007FEF59F0000-0x000007FEF638D000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.