Analysis
max time kernel: 121s
max time network: 124s
platform: windows10_x64
resource: win10
submitted: 09/07/2020, 06:30
Static task
static1
Behavioral task
behavioral1
Sample: AWB070820206533.exe
Resource: win7v200430
0 signatures
0 seconds
Behavioral task
behavioral2
Sample: AWB070820206533.exe
Resource: win10
0 signatures
0 seconds
General
Target: AWB070820206533.exe
Size: 690KB
MD5: 3dfec10d4f1fe6f29a6b81c2c6501be2
SHA1: 185e5ecf817c7e5c65356b301fb7e23c96567dae
SHA256: 510b5fe7628cdd6f15e04907dca1cac201192853e26be4ee279b2d8f90c4e25c
SHA512: f5aa17fdc3eeb5ccad123749a16f94122554cb1c1d5207c5e8a75363f34991831483b13f4f31b34d111bdce49535dc4a6703e3ee2d9198cc3721322b08e4b107
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
3896  976         WerFault.exe  66
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid   Process
976   AWB070820206533.exe
3896  WerFault.exe (repeated 14 times)
Suspicious use of AdjustPrivilegeToken 4 IoCs
description                pid   Process
Token: SeDebugPrivilege    976   AWB070820206533.exe
Token: SeRestorePrivilege  3896  WerFault.exe
Token: SeBackupPrivilege   3896  WerFault.exe
Token: SeDebugPrivilege    3896  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\AWB070820206533.exe
   "C:\Users\Admin\AppData\Local\Temp\AWB070820206533.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   PID:976
2. C:\Windows\SysWOW64\WerFault.exe
   C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 936
   - Program crash
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   PID:3896