Analysis
- max time kernel: 139s
- max time network: 102s
- platform: windows10_x64
- resource: win10v200430
- submitted: 10/07/2020, 07:02
Static task
- static1
Behavioral task
- behavioral1
  Sample: 2020quotation.exe
  Resource: win7
  0 signatures
  0 seconds
Behavioral task
- behavioral2
  Sample: 2020quotation.exe
  Resource: win10v200430
  0 signatures
  0 seconds
General
- Target: 2020quotation.exe
- Size: 571KB
- MD5: d7e71fd11bcd87a59da8b00143883adb
- SHA1: 6b7f4c2f64c01e2bd10a0c0a9cee0f54d4bb7755
- SHA256: 3ce9849a8dac1e1dbc85706d28667072289247e2ecd262134b9e014a939d6310
- SHA512: 57738549c3fb4485381d04c973ccc630a645c6806a8a79a9021b6f5392aa77654bef04af5466a75bdbdef87db549f049f18caf5894315afe11767be1dd40bd18
Score
3/10
Malware Config
Signatures
- Program crash, 1 IoCs
  pid: 2252, pid_target: 3656, Process: WerFault.exe, procid_target: 65
- Suspicious behavior: EnumeratesProcesses, 13 IoCs
  pid: 2252, Process: WerFault.exe (the same entry is listed 13 times)
- Suspicious use of AdjustPrivilegeToken, 3 IoCs
  Token: SeRestorePrivilege, pid: 2252, Process: WerFault.exe
  Token: SeBackupPrivilege, pid: 2252, Process: WerFault.exe
  Token: SeDebugPrivilege, pid: 2252, Process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2020quotation.exe
  "C:\Users\Admin\AppData\Local\Temp\2020quotation.exe"
  PID:3656
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 916
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2252