Analysis
max time kernel: 137s
max time network: 96s
platform: windows10_x64
resource: win10v200430
submitted: 07/07/2020, 09:33
Static task: static1
Behavioral task: behavioral1
  Sample: PaymentConfirmation.exe
  Resource: win7
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: PaymentConfirmation.exe
  Resource: win10v200430
  0 signatures, 0 seconds
General
Target: PaymentConfirmation.exe
Size: 598KB
MD5: 968c93132fbe953eef1c9e9745fc5105
SHA1: fe1e8bd516af4ce7f8b4991de128f4f476cec9f9
SHA256: 1b3649284ca4a79f52fc8dac008634540bbb8aa49d0903b6899f8708b37a3df9
SHA512: 7a938b3f4c97a5c496a8ed6efa285676693c84148b6ef485d0f46b8ccba7d7b99e2db8bd1237134ec199480b3ceab5b5c3c7d85019c503506ba5ad784dd55047
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  pid: 3832  pid_target: 992  Process: WerFault.exe  procid_target: 66
Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid: 3832  Process: WerFault.exe  (14 identical entries)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Token: SeRestorePrivilege  pid: 3832  Process: WerFault.exe
  Token: SeBackupPrivilege   pid: 3832  Process: WerFault.exe
  Token: SeDebugPrivilege    pid: 3832  Process: WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe (PID: 992)
   Command line: "C:\Users\Admin\AppData\Local\Temp\PaymentConfirmation.exe"
2. C:\Windows\SysWOW64\WerFault.exe (PID: 3832)
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 8268
   Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken