Analysis
  max time kernel    149s
  max time network   67s
  platform           windows10_x64
  resource           win10v200430
  submitted          07/07/2020, 13:22
Static task
  static1

Behavioral task behavioral1
  Sample      Order.exe
  Resource    win7
  0 signatures, 0 seconds

Behavioral task behavioral2
  Sample      Order.exe
  Resource    win10v200430
  0 signatures, 0 seconds
General
  Target   Order.exe
  Size     686KB
  MD5      73264b4a5cf35f2029d3ecd5f9ad5526
  SHA1     50e13f20b9c5d3ba16dca9d44ff3cbe15b5065aa
  SHA256   78cda73e2008c1ca39e0497d5065baf7404e4c6f943b7dab60b5eb6872c70098
  SHA512   90ab76cc0ffdd6691d0be0c42dc27cc929345f806dfa281896072b6b75e59b4b34f85a1bac5e514264201a5267d869d83e4d8771010828ffa675d50bb7f4de01
Score
  3/10

Malware Config

Signatures

Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  504   3812         WerFault.exe   65

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid    Process
  3812   Order.exe
  504    WerFault.exe   (13 hits)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                 pid    Process
  Token: SeDebugPrivilege     3812   Order.exe
  Token: SeRestorePrivilege   504    WerFault.exe
  Token: SeBackupPrivilege    504    WerFault.exe
  Token: SeDebugPrivilege     504    WerFault.exe
Processes

  C:\Users\Admin\AppData\Local\Temp\Order.exe
  "C:\Users\Admin\AppData\Local\Temp\Order.exe"
    PID: 3812
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken

    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 940
      PID: 504
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
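Three of the four AdjustPrivilegeToken hits and 13 of the 14 EnumeratesProcesses hits in this report belong to pid 504, which is the WerFault.exe instance Windows spawned after Order.exe (pid 3812) crashed; its -p argument names the same pid that the Program crash row lists as pid_target. When reading a report like this one, the useful step is to join the signature tables on pid and separate the sample's own behaviour (here only SeDebugPrivilege on pid 3812) from the crash-reporter noise. The script below does that over the report's tables as an added example; it is not tria.ge's code and it assumes the flattened one-line table form shown on this page (the 13 repeated WerFault.exe rows and the two command lines are constructed from the values above).

```python
import re
from collections import defaultdict

# Constructed sample input: the three signature tables and the two process
# command lines from the report above, in the flattened one-line form the
# page renders them in (the 13 repeated WerFault.exe rows are generated).
PROGRAM_CRASH = "pid pid_target Process procid_target 504 3812 WerFault.exe 65"
ENUMERATES_PROCESSES = ("pid Process 3812 Order.exe " + "504 WerFault.exe " * 13).strip()
ADJUST_PRIVILEGE_TOKEN = (
    "description pid Process "
    "Token: SeDebugPrivilege 3812 Order.exe "
    "Token: SeRestorePrivilege 504 WerFault.exe "
    "Token: SeBackupPrivilege 504 WerFault.exe "
    "Token: SeDebugPrivilege 504 WerFault.exe"
)
PROCESS_TREE = {
    3812: r'"C:\Users\Admin\AppData\Local\Temp\Order.exe"',
    504: r"C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 940",
}

CRASH_ROW = re.compile(r"(\d+) (\d+) (\S+) (\d+)")
PROC_ROW = re.compile(r"(\d+) (\S+)")
TOKEN_ROW = re.compile(r"Token: (Se\w+Privilege) (\d+) (\S+)")
# -p is the faulting process's pid; -s is carried along but not interpreted here.
WERFAULT_ARGS = re.compile(r"WerFault\.exe\b.*?-p (\d+)(?:.*?-s (\d+))?", re.IGNORECASE)


def parse_program_crash(table):
    """Rows of (werfault_pid, crashed_pid, image, procid_target) after the header."""
    body = table.split("procid_target", 1)[1]
    return [(int(a), int(b), img, int(c)) for a, b, img, c in CRASH_ROW.findall(body)]


def parse_enumerates_processes(table):
    """Collapse the repeated (pid, image) rows into hit counts."""
    body = table.split("Process", 1)[1]
    counts = defaultdict(int)
    for pid, img in PROC_ROW.findall(body):
        counts[(int(pid), img)] += 1
    return dict(counts)


def parse_adjust_privilege_token(table):
    """Map (pid, image) -> set of privilege names enabled on the token."""
    privs = defaultdict(set)
    for priv, pid, img in TOKEN_ROW.findall(table):
        privs[(int(pid), img)].add(priv)
    return dict(privs)


def werfault_target(cmdline):
    """Recover (faulting pid, -s value or None) from a WerFault.exe command line."""
    m = WERFAULT_ARGS.search(cmdline)
    if not m:
        return None
    return int(m.group(1)), (int(m.group(2)) if m.group(2) else None)


def triage(crash_table, enum_table, token_table, tree):
    """Join the tables on pid so behaviour is attributed to the sample itself,
    not to the WerFault.exe instance Windows spawned to report its crash."""
    crashes = parse_program_crash(crash_table)
    reporters = {wer for wer, _, _, _ in crashes}
    out = {"crashed": [], "sample": {}, "reporter_noise": {}}
    for wer_pid, target_pid, _img, _ in crashes:
        args = werfault_target(tree.get(wer_pid, ""))
        out["crashed"].append({
            "pid": target_pid,
            "image": tree.get(target_pid, "<unknown>"),
            "reported_by": wer_pid,
            # cross-check: the -p on WerFault's command line must name the same pid
            "cmdline_agrees": args is not None and args[0] == target_pid,
        })
    for (pid, img), privs in parse_adjust_privilege_token(token_table).items():
        bucket = out["reporter_noise"] if pid in reporters else out["sample"]
        bucket.setdefault((pid, img), {})["privileges"] = sorted(privs)
    for (pid, img), n in parse_enumerates_processes(enum_table).items():
        bucket = out["reporter_noise"] if pid in reporters else out["sample"]
        bucket.setdefault((pid, img), {})["enumerates_processes"] = n
    return out


if __name__ == "__main__":
    result = triage(PROGRAM_CRASH, ENUMERATES_PROCESSES, ADJUST_PRIVILEGE_TOKEN, PROCESS_TREE)
    for section, rows in result.items():
        print(section, rows)
```

Run as-is it attributes a single SeDebugPrivilege request and one process enumeration to Order.exe and files the rest under the crash reporter, which matches the low score: the sample faulted shortly after launch on the Windows 10 image and exhibited little else before it died.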