Analysis
Max time kernel:  128s
Max time network: 98s
Platform:         windows10_x64
Resource:         win10v200430
Submitted:        07/07/2020, 06:34
Static task
static1

Behavioral task
behavioral1 - Sample: TT_copy.exe, Resource: win7, 0 signatures, 0 seconds

Behavioral task
behavioral2 - Sample: TT_copy.exe, Resource: win10v200430, 0 signatures, 0 seconds
General
Target: TT_copy.exe
Size:   561KB
MD5:    3596dca21b1e41c2cd233d18195cea13
SHA1:   7e58382e71064bd5d7ecac40b0e6a3b95d32d5cc
SHA256: 441efa986321eb0bdac9d133478f98a11dea6ff3a85af1c9c145a6049cb33cb6
SHA512: f8b645a7a68ab1f491afd0483447a0731ae79bb85999f421cee46a7c5de50fd53e48a3b50936303b809edaa70a773e7431bed0731527dbcc79c2fa3e2dac7939
Score:  3/10
Malware Config
Signatures
Every IoC below is attributed to WerFault.exe (PID 2880), the Windows Error Reporting handler, not to TT_copy.exe (PID 1484) itself; the score reflects that.

Program crash (1 IoC)
pid   pid_target  Process       procid_target
2880  1484        WerFault.exe  67

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid   Process
2880  WerFault.exe  (13 identical rows)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                 pid   Process
Token: SeRestorePrivilege   2880  WerFault.exe
Token: SeBackupPrivilege    2880  WerFault.exe
Token: SeDebugPrivilege     2880  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\TT_copy.exe  (PID 1484)
   Command line: "C:\Users\Admin\AppData\Local\Temp\TT_copy.exe"

   2. C:\Windows\SysWOW64\WerFault.exe  (PID 2880)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 940
      Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

WerFault.exe is spawned by the faulting process, and its -p argument (1484) names that process, so it matches the parent PID here. The SysWOW64 copy being used means the crashed sample is a 32-bit process on the x64 guest. The process enumeration and the SeDebugPrivilege/SeBackupPrivilege/SeRestorePrivilege token adjustments are what WER does to collect a crash dump; they say nothing about TT_copy.exe's own behaviour, which shows no signatures of its own in this run.
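The triage logic the report implies, as an added example (not tria.ge code): given a process tree and the flattened signature rows, decide which IoCs belong to a genuine WER crash handler and which belong to the sample. The input is a hand-built dict reproducing the PIDs, command lines and signature rows shown above; a WerFault entry only counts as a crash handler if its image lives under System32/SysWOW64, its -p PID exists in the tree, and that PID is its parent, so a lookalike launched from a user-writable path or pointing at an unrelated PID keeps its IoCs attributed to the sample.

```python
"""Separate WER crash-handler noise from sample behaviour in a sandbox report.
Added example; the PROCESSES/SIGNATURES data is constructed from the report
above, not pulled from any API."""
import re

# Constructed from the report: process tree (PID, parent, image, command line).
PROCESSES = [
    {"pid": 1484, "parent": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\TT_copy.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\TT_copy.exe"'},
    {"pid": 2880, "parent": 1484,
     "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 940"},
]

# Constructed from the report: signature name -> one PID per IoC row.
SIGNATURES = {
    "Program crash": [2880],
    "Suspicious behavior: EnumeratesProcesses": [2880] * 13,
    "Suspicious use of AdjustPrivilegeToken": [2880] * 3,
}

SYSTEM_DIRS = (r"c:\windows\system32\werfault.exe",
               r"c:\windows\syswow64\werfault.exe")
WERFAULT_TARGET_RE = re.compile(r"\bWerFault\.exe\b.*?\s-p\s+(\d+)", re.IGNORECASE)


def crash_handlers(processes):
    """Return {werfault_pid: faulting_pid} for every *genuine* WER handler.

    A real handler is the system WerFault.exe, launched by the faulting
    process, whose -p argument names that same parent. Anything else that
    merely looks like WerFault is left out and treated as sample activity.
    """
    by_pid = {p["pid"]: p for p in processes}
    handlers = {}
    for p in processes:
        if p["image"].lower() not in SYSTEM_DIRS:
            continue
        m = WERFAULT_TARGET_RE.search(p["cmdline"])
        if not m:
            continue
        target = int(m.group(1))
        if target in by_pid and p["parent"] == target:
            handlers[p["pid"]] = target
    return handlers


def attribute(signatures, processes):
    """Split each signature's IoC count into sample-origin vs handler-origin."""
    handlers = crash_handlers(processes)
    result = {}
    for name, pids in signatures.items():
        from_handler = sum(1 for pid in pids if pid in handlers)
        result[name] = {"sample": len(pids) - from_handler,
                        "crash_handler": from_handler}
    return result


def crashed_processes(processes):
    """PIDs that a genuine WER handler was spawned for (i.e. they crashed)."""
    return sorted(set(crash_handlers(processes).values()))


def sample_has_own_behaviour(signatures, processes):
    """True if any IoC is attributed to a process other than a WER handler."""
    return any(v["sample"] > 0 for v in attribute(signatures, processes).values())


if __name__ == "__main__":
    for name, counts in attribute(SIGNATURES, PROCESSES).items():
        print(f"{name}: {counts}")
    print("crashed:", crashed_processes(PROCESSES))
    print("sample behaviour:", sample_has_own_behaviour(SIGNATURES, PROCESSES))
```

Run against the report's data this attributes all 17 IoC rows to the crash handler and reports PID 1484 as the crashed process, which is the reading behind the 3/10 score; the parent-PID and system-path checks are what keep the same logic from whitelisting a process that simply names itself WerFault.exe.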