Analysis
max time kernel: 74s
max time network: 115s
platform: windows10_x64
resource: win10
submitted: 09/07/2020, 12:20
Static task: static1

Behavioral task: behavioral1
Sample: PDF-WELLS-FARGO.ONLINE.exe
Resource: win7v200430
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: PDF-WELLS-FARGO.ONLINE.exe
Resource: win10
0 signatures, 0 seconds
General
Target: PDF-WELLS-FARGO.ONLINE.exe
Size: 741KB
MD5: f6d42993c68a11c982aacd2f9139121c
SHA1: 77fc6bdc2a92eabc65d801416351db4b59084832
SHA256: a485d30d6c6bb72943cce9397693d1246e58b468674848c8c59e75a238b2515e
SHA512: 58ed90444fe71151a9f2dd923883c72309c65cf6ea22bd3fdb26e91d4f468cb272fb1f3b5c88f01d7ac434e408df9a9a866f3f9681c368263818097eca1cfb6f
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
pid   pid_target  Process       procid_target
3712  2808        WerFault.exe  66

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                pid   Process
Token: SeRestorePrivilege  3712  WerFault.exe
Token: SeBackupPrivilege   3712  WerFault.exe
Token: SeDebugPrivilege    3712  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid   Process
3712  WerFault.exe  (13 identical entries)
Processes

1. C:\Users\Admin\AppData\Local\Temp\PDF-WELLS-FARGO.ONLINE.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\PDF-WELLS-FARGO.ONLINE.exe"
   PID: 2808

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 1144
      PID: 3712
      Signatures: Program crash; Suspicious use of AdjustPrivilegeToken; Suspicious behavior: EnumeratesProcesses