Analysis
max time kernel:  65s
max time network: 97s
platform:         windows10_x64
resource:         win10
submitted:        14/07/2020, 13:44
Static task: static1

Behavioral task: behavioral1
  Sample:   UOg6ZfxoyRuAGSn.exe
  Resource: win7v200430
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   UOg6ZfxoyRuAGSn.exe
  Resource: win10
  0 signatures, 0 seconds
General
Target: UOg6ZfxoyRuAGSn.exe
Size:   976KB
MD5:    7bf5ded25fe2da584758d62b972f137c
SHA1:   1ef899d23c5e4a088d82cdc545d317df170bdc20
SHA256: e4031bfc8a9e6268a0c5c85697424583fcf998bc75728a3b9b2f779879f167a4
SHA512: 72a2386e36347553c63b1efff9f84e005b782c087faa4227876b54c316c9d195efa8cf866e8232ada9cfea9b5aef5750a7887c61c5269883948296591e918051
Score:  3/10
Malware Config
Signatures

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  3824  3104        WerFault.exe  66

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                pid   Process
  Token: SeRestorePrivilege  3824  WerFault.exe
  Token: SeBackupPrivilege   3824  WerFault.exe
  Token: SeDebugPrivilege    3824  WerFault.exe

Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid   Process
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
  3824  WerFault.exe
Processes

C:\Users\Admin\AppData\Local\Temp\UOg6ZfxoyRuAGSn.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\UOg6ZfxoyRuAGSn.exe"
  PID: 3104

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 904
    PID: 3824
    Signatures:
      - Program crash
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses