Analysis
- max time kernel: 66s
- max time network: 101s
- platform: windows10_x64
- resource: win10v200430
- submitted: 13/07/2020, 09:36
Static task
- static1
Behavioral task
- behavioral1
  Sample: 186vv53.exe
  Resource: win7
  0 signatures
  0 seconds
Behavioral task
- behavioral2
  Sample: 186vv53.exe
  Resource: win10v200430
  0 signatures
  0 seconds
General
- Target: 186vv53.exe
- Size: 156KB
- MD5: e2a2cd3182abc1fa95d43c28647351b5
- SHA1: 513453b5495268026cc5a2b59d115d46eaf51932
- SHA256: 67e1a7ea77e26a39bedf12493f94a26b902fd557cdaca847c572f3ea85d20e0a
- SHA512: bf7dc8ed3036ea8fd7711fc0bdb8d3fbce694b17bd29c7657266c1509adb862258af29ccbf815da5692e4ccacc0d7faccf763f01f15300366fe513b236156b63
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid     pid_target   Process        procid_target
  2892    428          WerFault.exe   65
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                  pid     Process
  Token: SeRestorePrivilege    2892    WerFault.exe
  Token: SeBackupPrivilege     2892    WerFault.exe
  Token: SeDebugPrivilege      2892    WerFault.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid     Process
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
  2892    WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\186vv53.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\186vv53.exe"
  PID: 428
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 428 -s 1136
    PID: 2892
    - Program crash
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious behavior: EnumeratesProcesses