Resubmissions

06/03/2025, 19:57

250306-ypg6fawvfw 3

06/03/2025, 19:51

250306-yk52pswvaw 3

06/03/2025, 00:33

250306-awjqvatsgy 3

06/03/2025, 00:28

250306-asg3vatpy3 4

06/03/2025, 00:20

250306-amt58atnw5 4

13/02/2025, 18:46

250213-xerfpa1qhl 8

13/02/2025, 17:15

250213-vs3d1azqgq 8

03/02/2025, 06:19

250203-g3pc8svlfl 3

20/12/2024, 21:06

241220-zxvl6stpcv 3

15/12/2024, 03:29

241215-d2ekvssngx 4

Analysis

  • max time kernel
    893s
  • max time network
    895s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250218-en
  • resource tags

    arch:x64, arch:x86, image:win11-20250218-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    06/03/2025, 00:33

General

  • Target

    ubuntu2404-amd64-20240523-uk.ps1

  • Size

    1B

  • MD5

    f1290186a5d0b1ceab27f4e77c0c5d68

  • SHA1

    aff024fe4ab0fece4091de044c58c9ae4233383a

  • SHA256

    50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

  • SHA512

    aa66509891ad28030349ba9581e8c92528faab6a34349061a44b6f8fcd8d6877a67b05508983f12f8610302d1783401a07ec41c7e9ebd656de34ec60d84d9511

Score
3/10

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ubuntu2404-amd64-20240523-uk.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2708
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4684,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:14
    1⤵
    PID:3908
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    1⤵
    PID:2692
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5612,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:1
    1⤵
    PID:1416
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5620,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:1
    1⤵
    PID:3836
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5644,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:1
    1⤵
    PID:3184
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5848,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:14
    1⤵
    PID:3028
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6212,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:1
    1⤵
    PID:2004
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=780,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:14
    1⤵
    PID:3944
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6612,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:1
    1⤵
    PID:5004
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6532,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
    1⤵
    PID:1776
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6980,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:1
    1⤵
    PID:932
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6988,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:1
    1⤵
    PID:5112
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6488,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:1
    1⤵
    PID:3884
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7176,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=7180 /prefetch:1
    1⤵
    PID:2360
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6916,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=7332 /prefetch:1
    1⤵
    PID:436
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7424,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:1
    1⤵
    PID:1856
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7308,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=7304 /prefetch:14
    1⤵
    PID:1372
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6328,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
    1⤵
    PID:4084
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --always-read-main-dll --field-trial-handle=3796,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:1
    1⤵
    PID:1348
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --string-annotations --always-read-main-dll --field-trial-handle=6536,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:12
    1⤵
    PID:560
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:244
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:2036
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --string-annotations --always-read-main-dll --field-trial-handle=6816,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:14
    1⤵
    PID:4736
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=7464,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:14
    1⤵
    PID:3128
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=7356,i,510155214614128252,14857291624332394009,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:14
    1⤵
    PID:648

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1id01ecn.tj0.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • memory/2708-0-0x00007FF9435F3000-0x00007FF9435F5000-memory.dmp

    Filesize

    8KB

  • memory/2708-1-0x00007FF9435F0000-0x00007FF9440B2000-memory.dmp

    Filesize

    10.8MB

  • memory/2708-7-0x00000193FA5A0000-0x00000193FA5C2000-memory.dmp

    Filesize

    136KB

  • memory/2708-11-0x00007FF9435F0000-0x00007FF9440B2000-memory.dmp

    Filesize

    10.8MB

  • memory/2708-12-0x00007FF9435F0000-0x00007FF9440B2000-memory.dmp

    Filesize

    10.8MB

  • memory/2708-13-0x00007FF9435F0000-0x00007FF9440B2000-memory.dmp

    Filesize

    10.8MB

  • memory/2708-14-0x00007FF9435F0000-0x00007FF9440B2000-memory.dmp

    Filesize

    10.8MB