Analysis
- max time kernel: 62s
- max time network: 113s
- platform: windows10_x64
- resource: win10
- submitted: 09/07/2020, 08:05
Static task: static1
Behavioral task: behavioral1
- Sample: Fenc_General Presentation.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Fenc_General Presentation.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: Fenc_General Presentation.exe
- Size: 447KB
- MD5: 6550d5ad0410e634c7bab8e161fadf88
- SHA1: 8819193d0ad3e5c5717107aca3920ed283c53e80
- SHA256: bd2bf7c79dda8208f9ec0c2199d1ec61058aa43bbe6f8548623444fc143a3aec
- SHA512: 57eb107f455af652096ea9bef547c90e460216a948883bf70564651d058b039ad62ad4e80c1c52ec15218d58dcb4bb8b2b48830b37bde30962a5c676838bd39c
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 3496 | 4036 | WerFault.exe | 66 |

- Suspicious use of AdjustPrivilegeToken (3 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: SeRestorePrivilege | 3496 | WerFault.exe |
| Token: SeBackupPrivilege | 3496 | WerFault.exe |
| Token: SeDebugPrivilege | 3496 | WerFault.exe |

- Suspicious behavior: EnumeratesProcesses (13 IoCs)

| pid | Process |
| --- | --- |
| 3496 | WerFault.exe (listed 13 times) |
Processes
- C:\Users\Admin\AppData\Local\Temp\Fenc_General Presentation.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Fenc_General Presentation.exe"
  PID: 4036
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1136
    PID: 3496
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses