Analysis
Max time kernel: 118s
Max time network: 118s
Platform: windows10_x64
Resource: win10
Submitted: 13/07/2020, 11:44
Static task: static1
Behavioral task: behavioral1
  Sample: 2 USD TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.exe
  Resource: win7v200430
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: 2 USD TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.exe
  Resource: win10
  0 signatures, 0 seconds
General
Target: 2 USD TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.exe
Size: 327KB
MD5: 97e7ca461960d2c6592034c5631eef60
SHA1: 93198c560bf0d1e0dce99b217dcc6a81010e8fc7
SHA256: 21813f583f972f9c4e699983357c38a32f9a42821db9dad54affd80aefd89967
SHA512: c7da2e95058a5d32981c506d0b8341f3f602eb48b64f6d6250540c8330f9ea32ff4b65d190d6ed9299e483518d122b7a87cd8c581af8e1e3d37ba45cd692ffb3
Score: 3/10
Malware Config
Signatures
Every hit below is charged to PID 4032, WerFault.exe, the Windows Error Reporting handler that the Processes section shows was started with -p 748 to report a crash of the sample (PID 748). The rows therefore describe the crash handler's activity, not the sample's; the sample itself produced no signature hits, so the 3/10 score reflects an early crash, which is inconclusive rather than evidence of benign behaviour.

Program crash (1 IoC)
pid   pid_target  Process       procid_target
4032  748         WerFault.exe  65

Suspicious behavior: EnumeratesProcesses (13 IoCs)
pid   Process
4032  WerFault.exe   (13 identical rows)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
description                pid   Process
Token: SeRestorePrivilege  4032  WerFault.exe
Token: SeBackupPrivilege   4032  WerFault.exe
Token: SeDebugPrivilege    4032  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\2 USD TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2 USD TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.exe"
   PID: 748
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 1136
      PID: 4032
      Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
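The Signatures table and the Processes tree above, as an added triage check that is not part of the Triage report or its tooling: it rebuilds the process list and signature rows transcribed from this page, recognises a WerFault.exe -u -p <pid> invocation as the crash handler acting for <pid>, and attributes each hit to either the sample or its crash handler, so a run whose only hits belong to WerFault.exe is reported as inconclusive rather than benign. The names Proc, Hit, werfault_target, crash_handlers, attribute and verdict are this example's own assumptions.

```python
"""
Added example (not Triage's own tooling): attribute a sandbox report's
signature hits to the process that produced them and recognise the case
where every hit comes from WerFault.exe, Windows' crash handler, rather
than from the submitted sample. Rows below are transcribed from the report
on this page; all function and field names are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Proc:
    pid: int
    cmdline: str
    parent: Optional[int] = None   # tree depth 2 in the report => parent is the sample


@dataclass
class Hit:
    signature: str
    pid: int            # process the sandbox charged with the hit
    detail: str = ""


# Process tree from the win10 behavioral task, as printed on the page.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp\2 USD TT SWIFT _679388 190617"
          r"_2019-NLCIV000003576_ES146009_30309679.exe")
PROCESSES: List[Proc] = [
    Proc(748, f'"{SAMPLE}"'),
    Proc(4032, r"C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 1136", parent=748),
]

# Signature table from the page: 1 crash, 13 EnumeratesProcesses, 3 token rows.
HITS: List[Hit] = (
    [Hit("Program crash", 4032, "pid_target=748")]
    + [Hit("Suspicious behavior: EnumeratesProcesses", 4032)] * 13
    + [Hit("Suspicious use of AdjustPrivilegeToken", 4032, tok)
       for tok in ("SeRestorePrivilege", "SeBackupPrivilege", "SeDebugPrivilege")]
)

# WerFault.exe -u -p <pid> -s <event>: user-mode crash report for <pid>.
_WERFAULT = re.compile(r"(?:^|\\)werfault\.exe\b.*?\s-p\s+(\d+)", re.IGNORECASE)


def werfault_target(cmdline: str) -> Optional[int]:
    """Return the faulting PID if cmdline is a WerFault.exe crash-report launch."""
    m = _WERFAULT.search(cmdline)
    return int(m.group(1)) if m else None


def crash_handlers(procs: List[Proc]) -> Dict[int, int]:
    """Map each WerFault handler PID to the PID it is reporting on."""
    return {p.pid: t for p in procs if (t := werfault_target(p.cmdline)) is not None}


def attribute(procs: List[Proc], hits: List[Hit]) -> dict:
    """Split hits into those charged to the sample (or real children) and those
    charged to a crash handler that only exists because the sample faulted."""
    handlers = crash_handlers(procs)
    own, handler = Counter(), Counter()
    for h in hits:
        (handler if h.pid in handlers else own)[h.signature] += 1
    faulted = sorted({handlers[h.pid] for h in hits if h.pid in handlers})
    return {"own": dict(own), "crash_handler": dict(handler), "faulted_pids": faulted}


def verdict(procs: List[Proc], hits: List[Hit]) -> str:
    """Hits that belong only to WerFault.exe record a crash, not observed behaviour:
    treat the run as inconclusive (missing dependency, packer, anti-analysis), not benign."""
    a = attribute(procs, hits)
    if a["own"]:
        return "behavioral hits attributable to the sample itself"
    if a["crash_handler"]:
        pids = ", ".join(map(str, a["faulted_pids"]))
        total = sum(a["crash_handler"].values())
        return f"inconclusive: PID {pids} crashed; all {total} hits belong to WerFault.exe"
    return "no signature hits"


if __name__ == "__main__":
    print(attribute(PROCESSES, HITS))
    print(verdict(PROCESSES, HITS))
```

On this report the check yields an inconclusive verdict: the 17 hits all belong to the crash handler for PID 748, so the next step is a rerun on the other resource (win7v200430), or a static look at why the binary faults at start, before treating the low score as a clean result.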