Analysis
Max time kernel: 65s
Max time network: 117s
Platform: windows10_x64
Resource: win10
Submitted: 09/07/2020, 07:49
Static task: static1
Behavioral task: behavioral1
  Sample: Access Invoice and project copy.exe
  Resource: win7v200430
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: Access Invoice and project copy.exe
  Resource: win10
  0 signatures, 0 seconds
General
Target: Access Invoice and project copy.exe
Size: 534KB
MD5: cb54bbaea939b4de45a411a856bd41a4
SHA1: 8d258de61f13b74d4fd426337c3de4f0794ca372
SHA256: 997de5ed7182657e00985a8b1e5f91656a8d7ad171c504780c5edbdda5fd5835
SHA512: 8fef11aea6d6cdff318e719dd3a5e2ebd48f3ca9db21c5bd5690e9f49bbda2d27f889a1955e53b5b276cc57178367acbef48715cb771748f23645e7bf6dac0e8
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3544  3920        WerFault.exe  66
Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3544  WerFault.exe  (the same row is listed 13 times)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  3544  WerFault.exe
  Token: SeBackupPrivilege   3544  WerFault.exe
  Token: SeDebugPrivilege    3544  WerFault.exe

Note that every signature hit is attributed to pid 3544, WerFault.exe, the Windows Error Reporting handler that was launched for the crashed sample (pid 3920), and none to the sample itself. Enumerating processes and enabling SeDebugPrivilege, SeBackupPrivilege and SeRestorePrivilege is what WerFault does while it collects a crash dump, so the 3/10 score reflects the crash handler's behaviour rather than anything the sample did before it crashed. A sample that dies this early tells an analyst little either way: it may be broken, it may be missing a dependency the sandbox lacks, or it may be refusing to run under analysis, and the report cannot distinguish these.
Processes
C:\Users\Admin\AppData\Local\Temp\Access Invoice and project copy.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Access Invoice and project copy.exe"
  PID: 3920
  └─ C:\Windows\SysWOW64\WerFault.exe
       Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 1140
       PID: 3544
       Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

The `-p 3920` argument names the crashed process, so the report's tree shows WerFault.exe under the sample. The handler came from SysWOW64, which means the sample is a 32-bit executable running under WOW64 on the 64-bit platform.
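When working through sandbox reports like this one, the check worth automating is whether the signature hits belong to the sample or only to the crash handler it caused. The script below is an added example, not part of the tria.ge report or its tooling: it takes the process rows and signature rows as they appear on this page (copied into constructed lists), recovers the crashed pid from WerFault's `-p` argument, attributes each hit to a process, and flags a report whose only hits come from the crash handler. Function and variable names are the example's own.

```python
"""Attribute sandbox signature hits to processes and flag reports whose only
hits come from the crash handler (WerFault.exe) rather than the sample.
Added example; the PROCESSES and SIGNATURES data are copied from the report."""
import re
from collections import Counter, defaultdict

# Process rows from the report's "Processes" section: (pid, image path, command line).
PROCESSES = [
    (3920, r"C:\Users\Admin\AppData\Local\Temp\Access Invoice and project copy.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\Access Invoice and project copy.exe"'),
    (3544, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 1140"),
]

# Signature rows from the report: (signature name, pid).  The report lists
# the EnumeratesProcesses row 13 times and the AdjustPrivilegeToken row 3 times.
SIGNATURES = (
    [("Program crash", 3544)]
    + [("Suspicious behavior: EnumeratesProcesses", 3544)] * 13
    + [("Suspicious use of AdjustPrivilegeToken", 3544)] * 3
)

# WerFault.exe receives the crashed process id as `-p <pid>`.
WERFAULT_PID_RE = re.compile(r"WerFault\.exe\s+.*?-p\s+(\d+)", re.IGNORECASE)


def crash_victims(processes):
    """Map each WerFault pid to the pid of the process it was launched for."""
    victims = {}
    for pid, image, cmdline in processes:
        if image.lower().endswith("werfault.exe"):
            m = WERFAULT_PID_RE.search(cmdline)
            if m:
                victims[pid] = int(m.group(1))
    return victims


def is_wow64(image):
    """A handler launched from SysWOW64 means the crashed process was 32-bit."""
    return "\\syswow64\\" in image.lower()


def attribute_signatures(signatures):
    """Count signature hits per pid: {pid: Counter(signature name -> hits)}."""
    per_pid = defaultdict(Counter)
    for name, pid in signatures:
        per_pid[pid][name] += 1
    return per_pid


def triage(processes, signatures):
    """Summarise which pids crashed, how many hits the sample itself produced,
    and whether every hit belongs to a crash handler."""
    images = {pid: image for pid, image, _ in processes}
    victims = crash_victims(processes)
    per_pid = attribute_signatures(signatures)
    handler_pids = set(victims)
    sample_pids = set(images) - handler_pids
    sample_hits = sum(sum(c.values()) for p, c in per_pid.items() if p in sample_pids)
    handler_hits = sum(sum(c.values()) for p, c in per_pid.items() if p in handler_pids)
    return {
        "crashed": sorted(victims.values()),
        "crashed_32bit": {victim: is_wow64(images[handler]) for handler, victim in victims.items()},
        "sample_signature_hits": sample_hits,
        "handler_signature_hits": handler_hits,
        "crash_handler_only": sample_hits == 0 and handler_hits > 0,
        "distinct_signatures": {p: sorted(c) for p, c in per_pid.items()},
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(PROCESSES, SIGNATURES))
```

For this report the summary shows pid 3920 crashed, that it was a 32-bit process, and that all 17 listed hits (one crash, thirteen EnumeratesProcesses, three AdjustPrivilegeToken) belong to the handler, so `crash_handler_only` is true and the score should be read as "sample crashed", not "sample behaved suspiciously".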