Analysis
- max time kernel: 92s
- max time network: 97s
- platform: windows10_x64
- resource: win10
- submitted: 10/07/2020, 07:16
Static task: static1
Behavioral task: behavioral1
- Sample: Emergency Situation Surcharge Update.exe
- Resource: win7v200430
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: Emergency Situation Surcharge Update.exe
- Resource: win10
- 0 signatures, 0 seconds
General
- Target: Emergency Situation Surcharge Update.exe
- Size: 451KB
- MD5: 4d7528ff3e3e634db83bdc55c56ac62a
- SHA1: b63bd466732bdf5b9e43a20a7442b7547a4444bf
- SHA256: 3f258d6b65fd6594bc19ac4f3825112f78043a3c112f7bf56dd40bec84750a1e
- SHA512: 2297087cb141f830f7f45d5e8f0d6f363396096d655d12984a93d5b1068622e326bc9379b4e6c40f589e39a8b46a2b082ffc3126e8806edc406708d6c7d41ad4
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3888  3832        WerFault.exe  66
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3888  WerFault.exe  (13 identical hits)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description               pid   Process
  Token: SeRestorePrivilege 3888  WerFault.exe
  Token: SeBackupPrivilege  3888  WerFault.exe
  Token: SeDebugPrivilege   3888  WerFault.exe

All three signatures are raised by WerFault.exe (PID 3888), the Windows Error Reporting handler launched for the sample's own process (pid_target 3832), not by the sample itself. Enumerating processes and enabling SeDebugPrivilege, SeBackupPrivilege and SeRestorePrivilege are consistent with a crash reporter opening the faulting process to write a dump, so these hits are side effects of the crash rather than evidence of the sample's intended behaviour. The run produced no sample-originated activity, which is consistent with the low 3/10 score; a crash this early in the win10 run (and no output from the win7v200430 run) usually means the sample needs a different environment or manual debugging before any verdict on its payload can be made.
Processes
- C:\Users\Admin\AppData\Local\Temp\Emergency Situation Surcharge Update.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Emergency Situation Surcharge Update.exe"
  PID: 3832
  - C:\Windows\SysWOW64\WerFault.exe (child of PID 3832)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 924
    PID: 3888
    Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
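A practitioner reading a report like this wants a quick, repeatable check that nothing in it actually came from the sample. The script below is an added example, not tria.ge's code or its export format: it re-enters the process tree and the three signature tables from this page as hand-constructed Python data (the tuple layouts, the `triage` function and the WerFault privilege baseline are my assumptions), ties the `-p 3832` in the WerFault.exe command line back to the sample's PID, and classifies the run as crash-only unless the sample spawned something other than WerFault or raised a signature in its own PID.

```python
"""Classify a sandbox run as 'crash-only' when every signature hit is
attributable to WerFault.exe handling the sample's crash.

Added example. All data below is hand-constructed from the report on this
page; it is not tria.ge's export format and the field layout is my own.
"""
import re
from collections import Counter

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\Emergency Situation Surcharge Update.exe"

# (pid, parent pid, image path, command line), constructed from the page's
# process tree. WerFault.exe appears as a child of the sample's PID 3832.
PROCESSES = [
    (3832, None, SAMPLE_EXE, f'"{SAMPLE_EXE}"'),
    (3888, 3832, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 924"),
]

# (signature, pid that raised it, detail), constructed from the three
# signature tables on the page; EnumeratesProcesses listed 13 identical rows.
SIGNATURE_HITS = (
    [("Program crash", 3888, "pid_target=3832")]
    + [("Suspicious behavior: EnumeratesProcesses", 3888, "")] * 13
    + [("Suspicious use of AdjustPrivilegeToken", 3888, tok)
       for tok in ("SeRestorePrivilege", "SeBackupPrivilege", "SeDebugPrivilege")]
)

# Privileges WerFault.exe enabled in this report, taken as the expected
# baseline for a crash handler. This is an assumption drawn from the page,
# not a documented WER contract; anything outside it is flagged for review.
WER_BASELINE_PRIVS = {"SeDebugPrivilege", "SeBackupPrivilege", "SeRestorePrivilege"}

# "WerFault.exe -u -p <crashed pid> -s <event handle>": the -p value names the
# process being reported on, which is how the crash is tied back to the sample.
WERFAULT_RE = re.compile(r"werfault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+(\d+)", re.I)


def werfault_targets(processes):
    """Map each WerFault.exe pid to the pid it was launched to report on."""
    targets = {}
    for pid, _parent, image, cmdline in processes:
        m = WERFAULT_RE.search(cmdline)
        if m and image.lower().endswith("werfault.exe"):
            targets[pid] = int(m.group(1))
    return targets


def descendants(processes, root):
    """All pids reachable from root by following parent links."""
    children = {}
    for pid, parent, _image, _cmdline in processes:
        children.setdefault(parent, []).append(pid)
    seen, stack = set(), [root]
    while stack:
        for child in children.get(stack.pop(), []):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def triage(processes, hits):
    """Decide whether the run shows sample behaviour or only a crash."""
    sample_pid = processes[0][0]
    wer = werfault_targets(processes)
    crashed = set(wer.values())
    # Anything the sample spawned that is not a WerFault instance is real behaviour.
    spawned = {p for p in descendants(processes, sample_pid) if p not in wer}
    # Any hit raised outside a WerFault pid is the sample's own doing.
    foreign_hits = [h for h in hits if h[1] not in wer]
    privs = {d for name, pid, d in hits
             if "AdjustPrivilegeToken" in name and pid in wer}
    if spawned or foreign_hits:
        verdict = "sample-behavior"
    elif sample_pid in crashed and privs <= WER_BASELINE_PRIVS:
        verdict = "crash-only"
    else:
        verdict = "review"
    return {
        "verdict": verdict,
        "crashed_pids": crashed,
        "spawned_pids": spawned,
        "unexpected_privs": privs - WER_BASELINE_PRIVS,
        "hit_counts": Counter(name for name, _pid, _d in hits),
    }


if __name__ == "__main__":
    result = triage(PROCESSES, SIGNATURE_HITS)
    print(result["verdict"], dict(result["hit_counts"]))
```

The verdict is deliberately conservative: a process the sample spawned before crashing, or a single hit in the sample's own PID, flips the result to `sample-behavior`, and a WerFault privilege outside the baseline drops to `review` rather than being waved through.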