Analysis
- max time kernel: 74s
- max time network: 134s
- platform: windows10_x64
- resource: win10
- submitted: 08/07/2020, 12:11
Static task: static1
Behavioral task: behavioral1
- Sample: 230ad9bffe97e0ee1f8f7cbf3c6cfa2d95211d859170ee19e3e2d9b8c1cc97b5.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 230ad9bffe97e0ee1f8f7cbf3c6cfa2d95211d859170ee19e3e2d9b8c1cc97b5.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: 230ad9bffe97e0ee1f8f7cbf3c6cfa2d95211d859170ee19e3e2d9b8c1cc97b5.exe
- Size: 705KB
- MD5: af2d2ebeda11b5047b44ce8d0210de9e
- SHA1: 627160e80c9ea31f013ebbf9755f9b97e8493efc
- SHA256: 230ad9bffe97e0ee1f8f7cbf3c6cfa2d95211d859170ee19e3e2d9b8c1cc97b5
- SHA512: 1dcf7d6f3ff6981b2a13a091c451135b0af2c8c2fc12d33b0dfd4eaeb2a14ec88259a5201fcad80985c97d5fb664183ea8f14978cbc037133368aba304f4a0dc
Score: 3/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
  3796  WerFault.exe
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  3796  2460        WerFault.exe  66
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  3796  WerFault.exe
  Token: SeBackupPrivilege   3796  WerFault.exe
  Token: SeDebugPrivilege    3796  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\230ad9bffe97e0ee1f8f7cbf3c6cfa2d95211d859170ee19e3e2d9b8c1cc97b5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\230ad9bffe97e0ee1f8f7cbf3c6cfa2d95211d859170ee19e3e2d9b8c1cc97b5.exe"
  PID: 2460
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 1144
    PID: 3796
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    - Program crash
    - Suspicious use of AdjustPrivilegeToken