Analysis
max time kernel: 131s
max time network: 69s
platform: windows10_x64
resource: win10v200430
submitted: 07/07/2020, 08:52
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice.exe
  Resource: win7
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: Invoice.exe
  Resource: win10v200430
  0 signatures, 0 seconds
General
Target: Invoice.exe
Size: 5.1MB
MD5: 7f1e268e77797a3049136b2e8b67a997
SHA1: 27c0a7cb6cf140d6ad7109cfb2c0f64af73f6e8c
SHA256: 03a8582db8f34154ed1e18821d8d7e2df2148ce0c36b06ed7fb91f387e3f0aa6
SHA512: 0ddd4c099c3bb57f2f836793fabe78e9679f56caa80105d1d04f90866f533d37437873379b598ce5d5e56bea849a5717de599b37175052ca389cfc80568ee8a3
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
1532  1732        WerFault.exe  67

Suspicious use of AdjustPrivilegeToken 4 IoCs
description                pid   Process
Token: SeDebugPrivilege    1732  Invoice.exe
Token: SeRestorePrivilege  1532  WerFault.exe
Token: SeBackupPrivilege   1532  WerFault.exe
Token: SeDebugPrivilege    1532  WerFault.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs
pid   Process
1732  Invoice.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
1532  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\Invoice.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Invoice.exe"
   PID: 1732
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: EnumeratesProcesses
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 940
      PID: 1532
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses