Analysis
max time kernel: 124s
max time network: 146s
platform: windows10_x64
resource: win10v200430
submitted: 10/07/2020, 07:14
Static task: static1
Behavioral task: behavioral1
  Sample: image 0024.exe
  Resource: win7
  0 signatures
  0 seconds
Behavioral task: behavioral2
  Sample: image 0024.exe
  Resource: win10v200430
  0 signatures
  0 seconds
General
Target: image 0024.exe
Size: 436KB
MD5: cb29b25b3afa9f01540dbb781268094c
SHA1: 2d7042e338459225c4a79f5798f966add0c6389a
SHA256: 3aa145f9e9873605383376b07bf5ec61bce5138cb875b29b706e17a30377dbf8
SHA512: 546088211917a5e379b4bb2e4c3d0e552f78e4b2fc54049c9062cdbafc4ba62cce3028acef6a92effd8f8be72d1b49d9cbe1228bb210a59c201393bec805683e
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  2460  972         WerFault.exe  67
Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
  2460  WerFault.exe
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                 pid   Process
  Token: SeRestorePrivilege   2460  WerFault.exe
  Token: SeBackupPrivilege    2460  WerFault.exe
  Token: SeDebugPrivilege     2460  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\image 0024.exe
  "C:\Users\Admin\AppData\Local\Temp\image 0024.exe"
  PID:972
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 920
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2460