Analysis
- max time kernel: 73s
- max time network: 120s
- platform: windows10_x64
- resource: win10
- submitted: 09/07/2020, 13:48
Static task: static1
Behavioral task: behavioral1
- Sample: f934c685506a5fc30ba4c63a14f81c2c51863a264c498186234b2edf7d05e51d.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: f934c685506a5fc30ba4c63a14f81c2c51863a264c498186234b2edf7d05e51d.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: f934c685506a5fc30ba4c63a14f81c2c51863a264c498186234b2edf7d05e51d.exe
- Size: 6KB
- MD5: 22ad5f98cf17f6b82cb73146e6bd2f81
- SHA1: 8cec6573d2a7776b0c4331dff213e27ab9ccd8b4
- SHA256: f934c685506a5fc30ba4c63a14f81c2c51863a264c498186234b2edf7d05e51d
- SHA512: 1aa3f8c29ba4c953910dd0bc424749021a508ed9ce3e510dbd21e4009ccf9de44ffa1f4bd1789cec1857941259d5403d4b38c39e2b3e706395847476fcd482ca
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 3840, pid_target: 3036, Process: WerFault.exe, procid_target: 66
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege, pid: 3840, Process: WerFault.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid: 3840, Process: WerFault.exe (14 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\f934c685506a5fc30ba4c63a14f81c2c51863a264c498186234b2edf7d05e51d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f934c685506a5fc30ba4c63a14f81c2c51863a264c498186234b2edf7d05e51d.exe"
  PID: 3036
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 3036 -s 688
    PID: 3840
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses