Analysis
- max time kernel: 147s
- max time network: 101s
- platform: windows10_x64
- resource: win10v200430
- submitted: 10/07/2020, 05:09
Static task
- static1
Behavioral task
- behavioral1
  Sample: MCB-87669.exe
  Resource: win7
  0 signatures, 0 seconds
Behavioral task
- behavioral2
  Sample: MCB-87669.exe
  Resource: win10v200430
  0 signatures, 0 seconds
General
- Target: MCB-87669.exe
- Size: 684KB
- MD5: 70c4d5c030027ad6717effc742a99b4a
- SHA1: 65de3bee4d4643c937607df4ddb1ecc3ad01929f
- SHA256: 3e1948c266a9b1c6818e5136b021fb7146f334912fa4a3975343479062f45b35
- SHA512: b023cc113871b94fcbe7b7b00baed402167205bc4206010a34eb7305b8fd984fe176d3a0bf5219cc722605ea7d3dce6b77193f62993f7119a0841b7b8e41c310
Score
3/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid: 2492, Process: WerFault.exe (the same entry is listed 13 times)
- Program crash (1 IoCs)
  pid: 2492, pid_target: 3768, Process: WerFault.exe, procid_target: 65
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description: Token: SeRestorePrivilege, pid: 2492, Process: WerFault.exe
  description: Token: SeBackupPrivilege, pid: 2492, Process: WerFault.exe
  description: Token: SeDebugPrivilege, pid: 2492, Process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\MCB-87669.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\MCB-87669.exe"
  Depth: 1
  PID: 3768
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 920
    Depth: 2
    PID: 2492
    - Suspicious behavior: EnumeratesProcesses
    - Program crash
    - Suspicious use of AdjustPrivilegeToken