Analysis
- max time kernel: 146s
- max time network: 103s
- platform: windows10_x64
- resource: win10v200430
- submitted: 13/07/2020, 13:34
Static task: static1
Behavioral task: behavioral1
- Sample: Waybill.doc.exe
- Resource: win7
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Waybill.doc.exe
- Resource: win10v200430
- 0 signatures
- 0 seconds
General
- Target: Waybill.doc.exe
- Size: 244KB
- MD5: 846b1e88956d891648750465642f6222
- SHA1: 349dbdf816fdaf2176c32a48ce354ab86e64210c
- SHA256: 73ce18f3e68ee4af4c74629f5041241b31fd96226aa9d28c641faae949fb0d3b
- SHA512: f09893abf172e5ca7e61921d34cb8b8afe6b0da5e21985b9fd612ec6282ef59bb447e9013751f8d401f3de33a3484e85b807610792bb4d910266d10dc5d7a7f9
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  2096  3008        WerFault.exe  65
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                 pid   Process
  Token: SeRestorePrivilege   2096  WerFault.exe
  Token: SeBackupPrivilege    2096  WerFault.exe
  Token: SeDebugPrivilege     2096  WerFault.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
  2096  WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\Waybill.doc.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Waybill.doc.exe"
   PID: 3008
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 1140
      PID: 2096
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses