Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows10_x64
- resource: win10
- submitted: 12/07/2020, 11:26
Static task
static1
Behavioral task
behavioral1
- Sample: STATEMENT OF ACCOUNT - JULY 12.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds
Behavioral task
behavioral2
- Sample: STATEMENT OF ACCOUNT - JULY 12.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: STATEMENT OF ACCOUNT - JULY 12.exe
- Size: 391KB
- MD5: 7e0f734c9add7e48862f0dbcf319901c
- SHA1: 99b9640f0fe628b513ccba7e2a511b2667267359
- SHA256: 8f74d4186885e919ba7b7c06562f9237691fd736feeb6222470f38b7efdcc532
- SHA512: b451c57bcb496657356f917eccba140b6d54edabf491c895ac804d815955abec547627e7e7cf4628b1cd6f10e289f84723187eb263024310d59dbb36d5fe1754
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  - pid: 3520, pid_target: 3892, Process: WerFault.exe, procid_target: 66
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  - pid: 3520, Process: WerFault.exe (13 entries)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  - Token: SeRestorePrivilege, pid: 3520, Process: WerFault.exe
  - Token: SeBackupPrivilege, pid: 3520, Process: WerFault.exe
  - Token: SeDebugPrivilege, pid: 3520, Process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\STATEMENT OF ACCOUNT - JULY 12.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\STATEMENT OF ACCOUNT - JULY 12.exe"
  PID: 3892
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 1144
    PID: 3520
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken