Analysis
- max time kernel: 131s
- max time network: 125s
- platform: windows10_x64
- resource: win10
- submitted: 13/07/2020, 06:39
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Shipping Document_PDF.exe
- Resource: win7
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: DHL Shipping Document_PDF.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: DHL Shipping Document_PDF.exe
- Size: 313KB
- MD5: 6f93148cc0b4a11464c0ad521de71b6f
- SHA1: d81a93d5ae58848934211d3032833b775b8e1da4
- SHA256: 8e19aa41d4d9df55db350241ee00258f455501449ad3054c09b0ee7b148da430
- SHA512: eb854e474e6c15f526baed5e0c6dd288498515eca1e1e44712a25d65b2f48ff318e1f07828590b0eda3f7134ded740f3abc360d0d887095d1dce37c7c418b0db
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3776  384         WerFault.exe  66
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3776  WerFault.exe  (this same entry is recorded 13 times)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  3776  WerFault.exe
  Token: SeBackupPrivilege   3776  WerFault.exe
  Token: SeDebugPrivilege    3776  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\DHL Shipping Document_PDF.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DHL Shipping Document_PDF.exe"
  PID: 384
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 1136
    PID: 3776
    Signatures:
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken