Analysis
max time kernel: 131s
max time network: 101s
platform: windows10_x64
resource: win10v200430
submitted: 10/07/2020, 17:59
Static task: static1
Behavioral task: behavioral1
  Sample: Order-No 20200708 pdf.exe
  Resource: win7
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: Order-No 20200708 pdf.exe
  Resource: win10v200430
  0 signatures, 0 seconds
General
Target: Order-No 20200708 pdf.exe
Size: 741KB
MD5: 96be544435702043037ddad6334cbb89
SHA1: 46a4fc933f172d345bb5f4727eb6ae92dbdf6c54
SHA256: 2e6c9cf68a8bcca1eb368038a06f47566eb7fd3eb6ea6919bcbd293dbadf1e11
SHA512: 358a655ecafb05919f153651ca4addeb692f8a3011b1800ef47fda9a7e916c7bbebefaa883ad3d2b3a8037715362b246d380c1c2c2b00e4e413071652104c4db
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
  pid: 2508, pid_target: 1132, Process: WerFault.exe, procid_target: 67
Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid: 2508, Process: WerFault.exe (13 identical entries)
Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Token: SeRestorePrivilege, pid: 2508, Process: WerFault.exe
  Token: SeBackupPrivilege, pid: 2508, Process: WerFault.exe
  Token: SeDebugPrivilege, pid: 2508, Process: WerFault.exe
Processes
1. "C:\Users\Admin\AppData\Local\Temp\Order-No 20200708 pdf.exe" (PID: 1132)
   2. C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 1148 (PID: 2508)
      Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken