Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

185.7.214_1.211.ps1

windows7-x64

8

185.7.214_1.211.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2025, 07:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    185.7.214_1.211.ps1

  • Size

    748B

  • MD5

    e82a3ff48366e1f36544a3da3cabc703

  • SHA1

    84796eb3285b20787b8b17765e73b7180b4931d0

  • SHA256

    4a6a052cca2e26577c7e07e513a33ae7f147bfdcbbed22e3ad6ee36d4c66850e

  • SHA512

    87fe6cf2aa4925e39274a7279b2349ff8aeebcd68c73a6561d3d456960b9bca8b5c0722aa0c2712804c4538793f4c1cce9ff3be3904bbd891599979e963d6173

Score
8/10
execution

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\185.7.214_1.211.ps1
    1⤵
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1560-4-0x000007FEF5AEE000-0x000007FEF5AEF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1560-6-0x0000000001FC0000-0x0000000001FC8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1560-5-0x000000001B530000-0x000000001B812000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1560-7-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1560-8-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1560-10-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1560-9-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1560-11-0x000000001B820000-0x000000001B874000-memory.dmp

    Filesize

    336KB

    Download

  • memory/1560-12-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

    Filesize

    9.6MB

    Download