Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

AWB070820206533.exe

windows7_x64

10

AWB070820206533.exe

windows10_x64

3

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    09/07/2020, 06:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AWB070820206533.exe

  • Size

    690KB

  • MD5

    3dfec10d4f1fe6f29a6b81c2c6501be2

  • SHA1

    185e5ecf817c7e5c65356b301fb7e23c96567dae

  • SHA256

    510b5fe7628cdd6f15e04907dca1cac201192853e26be4ee279b2d8f90c4e25c

  • SHA512

    f5aa17fdc3eeb5ccad123749a16f94122554cb1c1d5207c5e8a75363f34991831483b13f4f31b34d111bdce49535dc4a6703e3ee2d9198cc3721322b08e4b107

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AWB070820206533.exe
    "C:\Users\Admin\AppData\Local\Temp\AWB070820206533.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:976
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 936
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3896-0-0x0000000004A20000-0x0000000004A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-1-0x0000000004A20000-0x0000000004A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3-0x00000000052D0000-0x00000000052D1000-memory.dmp

    Filesize

    4KB

    Download