Analysis
- max time kernel: 123s
- max time network: 124s
- platform: windows10_x64
- resource: win10
- submitted: 07/07/2020, 12:43
Static task: static1

Behavioral task: behavioral1
- Sample: 73533280097647.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 73533280097647.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: 73533280097647.exe
- Size: 622KB
- MD5: cbbdf22fa1411ba58d30eadcaed48314
- SHA1: c7f36a26a7083348b3b390b763d82463e21bfa28
- SHA256: 6f6a327875691d7d61cdb1e73bbe10e1252493f9e8b2a9c5b0ea31fcc6c38925
- SHA512: d49f320f72b191fb43f15c26cc791c218fc480cc48f488fe2b6aaca7210755e434e02cf083abdc6c394aed04c101e7966bfc2dac25edf31ce465c9e6ba8c5a84

Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid     pid_target   Process        procid_target
3844    3068         WerFault.exe   66

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description                    pid     Process
Token: SeDebugPrivilege        3068    73533280097647.exe
Token: SeRestorePrivilege      3844    WerFault.exe
Token: SeBackupPrivilege       3844    WerFault.exe
Token: SeDebugPrivilege        3844    WerFault.exe

Suspicious behavior: EnumeratesProcesses (15 IoCs)
pid     Process
3068    73533280097647.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
3844    WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\73533280097647.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\73533280097647.exe"
   PID: 3068
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: EnumeratesProcesses

2. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 940
   PID: 3844
   - Program crash
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: EnumeratesProcesses