Analysis
  max time kernel:   149s
  max time network:  102s
  platform:          windows10_x64
  resource:          win10v200430
  submitted:         09/07/2020, 07:12
Static task: static1

Behavioral task: behavioral1
  Sample:    Shipping Details 00459010265 - 07.07.2020.exe
  Resource:  win7
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:    Shipping Details 00459010265 - 07.07.2020.exe
  Resource:  win10v200430
  0 signatures, 0 seconds
General
  Target:  Shipping Details 00459010265 - 07.07.2020.exe
  Size:    719KB
  MD5:     ec25c93cf619cf346cbb955af0518baf
  SHA1:    6a72eb049453cc1aa268f424eb03fa4b466bcfea
  SHA256:  ad2da1fa0e285bd992c7dc1d0dcad3f5a476bd62478ebf958326302942fabeec
  SHA512:  52886dbab173286145b16e61a45051ca8a79bf94ed317e7f35047552c2ce47f51610f46e22b19b8dafa748f0c7c6974bbbd22e059ce28578810837540bb96df8
  Score:   3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2080  3812        WerFault.exe  65

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  2080  WerFault.exe   (identical row reported 13 times)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  2080  WerFault.exe
  Token: SeBackupPrivilege   2080  WerFault.exe
  Token: SeDebugPrivilege    2080  WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\Shipping Details 00459010265 - 07.07.2020.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Shipping Details 00459010265 - 07.07.2020.exe"
   PID: 3812

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 1148
      PID: 2080
      Signatures:
        - Program crash
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken