Analysis
  max time kernel:  65s
  max time network: 99s
  platform:         windows10_x64
  resource:         win10v200430
  submitted:        10/07/2020, 05:46
Static task: static1

Behavioral task: behavioral1
  Sample:   invoice.pdf.exe
  Resource: win7
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   invoice.pdf.exe
  Resource: win10v200430
  0 signatures, 0 seconds
General
  Target: invoice.pdf.exe
  Size:   439KB
  MD5:    8e8165e74a734ef4504df4fc4b014f8d
  SHA1:   ce43b52541df7cdc3f4053d201517adb447005c9
  SHA256: f892f7e0b4bcfd9084ac791d72a87a95a16ca175a154faf0a2e24da5dd205bce
  SHA512: 101124fe99affa3944d3fe225c1e3065548c2e0faff42dd58fcfbed295d91e41733a068e6a629aba91ad5c5258565cbd47f2f4544e10d8a418c7ae1edf5cb5f4
  Score:  3/10
Malware Config
  (none)

Signatures

Program crash (1 IoC)
  pid   | pid_target | Process      | procid_target
  1828  | 1008       | WerFault.exe | 65

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   | Process
  1828  | WerFault.exe   (13 identical rows)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description               | pid  | Process
  Token: SeRestorePrivilege | 1828 | WerFault.exe
  Token: SeBackupPrivilege  | 1828 | WerFault.exe
  Token: SeDebugPrivilege   | 1828 | WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\invoice.pdf.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\invoice.pdf.exe"
   PID: 1008

2. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 912
   PID: 1828
   Signatures:
     - Program crash
     - Suspicious behavior: EnumeratesProcesses
     - Suspicious use of AdjustPrivilegeToken