Analysis
- max time kernel: 134s
- max time network: 107s
- platform: windows10_x64
- resource: win10v200430
- submitted: 13/07/2020, 12:10
Static task
static1
Behavioral task
behavioral1
Sample
2ecc8d956dcef4f753a79989e5741210cc50b9f369e0f76145cd3e1e5144c4ee.exe
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2ecc8d956dcef4f753a79989e5741210cc50b9f369e0f76145cd3e1e5144c4ee.exe
Resource
win10v200430
0 signatures
0 seconds
General
- Target: 2ecc8d956dcef4f753a79989e5741210cc50b9f369e0f76145cd3e1e5144c4ee.exe
- Size: 151KB
- MD5: 2f69495e576c580e33a3e9ab700691ac
- SHA1: 1dbac603d3d19785afea7f6910a960bf8ec23aad
- SHA256: 2ecc8d956dcef4f753a79989e5741210cc50b9f369e0f76145cd3e1e5144c4ee
- SHA512: 25619211997c998d2b36682be8d9b7684e35b3c6331f6155fe09f161831d78f760dc8c8a48699a093c54ec806c784f889946f07202eb7490af955f4e147ea4ae
Score
3/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid    Process
  2744   WerFault.exe   (same entry listed 13 times)
- Program crash (1 IoCs)
  pid    pid_target   Process        procid_target
  2744   2860         WerFault.exe   67
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                  pid    Process
  Token: SeRestorePrivilege    2744   WerFault.exe
  Token: SeBackupPrivilege     2744   WerFault.exe
  Token: SeDebugPrivilege      2744   WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2ecc8d956dcef4f753a79989e5741210cc50b9f369e0f76145cd3e1e5144c4ee.exe
  "C:\Users\Admin\AppData\Local\Temp\2ecc8d956dcef4f753a79989e5741210cc50b9f369e0f76145cd3e1e5144c4ee.exe"
  PID:2860
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 1140
    PID:2744
    - Suspicious behavior: EnumeratesProcesses
    - Program crash
    - Suspicious use of AdjustPrivilegeToken