Analysis
- max time kernel: 69s
- max time network: 118s
- platform: windows10_x64
- resource: win10
- submitted: 13/07/2020, 06:23
Static task: static1

Behavioral task: behavioral1
- Sample: nova narud#U017eba.exe
- Resource: win7v200430
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: nova narud#U017eba.exe
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: nova narud#U017eba.exe
- Size: 321KB
- MD5: a35772d14e29eff85dcd2d5fc74ab08c
- SHA1: b1b5f8f29619273be7e5ea1fc360bd5634f8fb13
- SHA256: 6ce07f9854b3d9f983265569f34a640a9f274c1bfd30fcba4b6bb64c957ecc54
- SHA512: 24a531f25744ce69269fec48b13337c3711f65d16b989369780cfe609a25cbce86c6a9d8df5b678c0688ad62a7d6ca2dc61c66865f2c44dce85a89da5d2db46e
- Score: 3/10
Malware Config

Signatures
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3240  3100        WerFault.exe  66
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3240  WerFault.exe   (13 identical entries)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  3240  WerFault.exe
  Token: SeBackupPrivilege   3240  WerFault.exe
  Token: SeDebugPrivilege    3240  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\nova narud#U017eba.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\nova narud#U017eba.exe"
  PID: 3100
  - C:\Windows\SysWOW64\WerFault.exe (child of PID 3100)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 1136
    PID: 3240
    Signatures: Program crash; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken