Analysis
- max time kernel: 147s
- max time network: 98s
- platform: windows10_x64
- resource: win10v200430
- submitted: 07/07/2020, 09:44
Static task: static1
Behavioral task: behavioral1
- Sample: PO894749745.exe
- Resource: win7
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: PO894749745.exe
- Resource: win10v200430
- 0 signatures
- 0 seconds
General
- Target: PO894749745.exe
- Size: 440KB
- MD5: 6d687e89130f81088fcbf8f302700c1b
- SHA1: a9cba71526bbd7b1ff912774c1c5b623a90cff8a
- SHA256: b258aed05413eb191250d2907db5b64c4f36fdb0508fb3c9c6390c4144fd9497
- SHA512: 8babb1e45e0bfde70bcb40c64478dc084fb0a94db8e79bc5e1f3428bf7af495daa1fb3747780664c47fb1b4555daff15021c82c7c8ab56849f77e91d4f549853
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 2428, pid_target: 4024, Process: WerFault.exe, procid_target: 65
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description: Token: SeRestorePrivilege, pid: 2428, Process: WerFault.exe
  description: Token: SeBackupPrivilege, pid: 2428, Process: WerFault.exe
  description: Token: SeDebugPrivilege, pid: 2428, Process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid: 2428, Process: WerFault.exe (all 13 entries identical)
Processes
- C:\Users\Admin\AppData\Local\Temp\PO894749745.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\PO894749745.exe"
  PID: 4024
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 944
    PID: 2428
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses