Analysis
  max time kernel:  69s
  max time network: 118s
  platform:         windows10_x64
  resource:         win10
  submitted:        12/07/2020, 11:25

Static task: static1

Behavioral task: behavioral1
  Sample:   LOI.exe
  Resource: win7
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   LOI.exe
  Resource: win10
  0 signatures, 0 seconds
General
  Target: LOI.exe
  Size:   1.7MB
  MD5:    a9ec592de604f8cc9300e8160a2ee6d5
  SHA1:   2cfcc36239da64a6a7423335f70fccdfce30a554
  SHA256: 968a8beb6e28a3373c34727e3267517381b9108f1086cd5c7325a376cb19339b
  SHA512: 9695d5ea9c406d053b3aea16f2a63211ccaa5bfa1fac3005d9924eec0fa08f16e8c46a036c274853425f3dccdd0480ef999527f49653f637be8c1ebcf62dd3fe
  Score:  3/10
Malware Config
Signatures

  Program crash (1 IoC)
    pid   pid_target  Process       procid_target
    3932  3100        WerFault.exe  66

  Suspicious behavior: EnumeratesProcesses (14 IoCs)
    pid   Process
    3100  LOI.exe
    3932  WerFault.exe   (this row is repeated 13 times in the report)

  Suspicious use of AdjustPrivilegeToken (4 IoCs)
    description                pid   Process
    Token: SeDebugPrivilege    3100  LOI.exe
    Token: SeRestorePrivilege  3932  WerFault.exe
    Token: SeBackupPrivilege   3932  WerFault.exe
    Token: SeDebugPrivilege    3932  WerFault.exe
Processes

  C:\Users\Admin\AppData\Local\Temp\LOI.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\LOI.exe"
    PID: 3100
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken

    C:\Windows\SysWOW64\WerFault.exe  (child of PID 3100)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 1272
      PID: 3932
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken