Analysis
max time kernel: 126s
max time network: 149s
platform: windows10_x64
resource: win10v200430
submitted: 14/07/2020, 12:43
Static task: static1

Behavioral task: behavioral1
  Sample: Sample pictures.exe
  Resource: win7
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: Sample pictures.exe
  Resource: win10v200430
  0 signatures, 0 seconds
General
Target: Sample pictures.exe
Size: 634KB
MD5: 0580a219f7ced746a00c061bc6e9d9ae
SHA1: 05a132aee9f9808600fbf1077b70b99b5215c884
SHA256: 918973702e97922d932c32d86618ebd35116fb2d67a93cafd0f53a5b7b30da29
SHA512: 11885891a6cf5a67e1fbe6264600c15c8474de28da25e45ca5af12cf80d24871ae0423b610af1183c269b9b5241c3e424b0f69b8bda619d87a767ce5483a5771
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
pid   pid_target  Process       procid_target
3596  1628        WerFault.exe  67

Suspicious behavior: EnumeratesProcesses (14 IoCs)
pid   Process
1628  Sample pictures.exe
3596  WerFault.exe  (13 entries)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description                pid   Process
Token: SeDebugPrivilege    1628  Sample pictures.exe
Token: SeRestorePrivilege  3596  WerFault.exe
Token: SeBackupPrivilege   3596  WerFault.exe
Token: SeDebugPrivilege    3596  WerFault.exe

The WerFault.exe entries (process enumeration and the SeRestore/SeBackup/SeDebug privileges) are the normal behaviour of Windows Error Reporting collecting a dump of the faulting process, not behaviour of the sample; the only privilege adjustment attributable to the sample itself is SeDebugPrivilege in PID 1628, which it enabled before crashing.
Processes

1. "C:\Users\Admin\AppData\Local\Temp\Sample pictures.exe"  (PID 1628)
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   2. C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 1152  (PID 3596, child of 1628)
      - Program crash
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken

The WerFault.exe command line is Windows Error Reporting handling an unhandled user-mode exception (-u) in PID 1628 (-p), with -s carrying the event handle WER signals when reporting is done. Because WerFault.exe was launched from SysWOW64 rather than System32, the faulting process is a 32-bit image running under WOW64. The sample crashed shortly after starting, so the run captured little beyond process enumeration and one privilege request; the low score reflects a run that ended in a crash, not a demonstration that the sample is benign.
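The two sandbox signatures that apply to the sample (a WerFault.exe child whose -p argument names its own parent, and a non-WER process enabling SeDebugPrivilege) are easy to reproduce as detection logic over process-creation telemetry. The following Python is an added example, not part of the Triage report and not Triage's own detection code: it runs these checks over constructed events that mirror the process tree above. The ProcEvent and Crash types, the event list and the WER allowlist are assumptions of the example.

```python
"""Crash and privilege checks over process-creation events (added example).

The sample EVENTS below are constructed to mirror the process tree in the
report above; they are not captured telemetry.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    # Privileges the process enabled via AdjustTokenPrivileges (assumed field).
    privileges: List[str] = field(default_factory=list)


@dataclass
class Crash:
    werfault_pid: int
    target_pid: int
    target_image: str
    parent_is_target: bool   # WER normally spawns WerFault.exe from the faulting process
    wow64: bool              # WerFault.exe came from SysWOW64, so the target is 32-bit


# Constructed events mirroring the report's process tree.
EVENTS = [
    ProcEvent(1628, 4012, r"C:\Users\Admin\AppData\Local\Temp\Sample pictures.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\Sample pictures.exe"',
              ["SeDebugPrivilege"]),
    ProcEvent(3596, 1628, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 1152",
              ["SeRestorePrivilege", "SeBackupPrivilege", "SeDebugPrivilege"]),
]

PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)")
EVENT_RE = re.compile(r"(?:^|\s)-s\s+(\d+)")
USER_RE = re.compile(r"(?:^|\s)-u(?:\s|$)")


def basename(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def is_windows_werfault(image: str) -> bool:
    """True only for WerFault.exe under C:\\Windows\\System32 or SysWOW64.

    Matching on the full location rather than the file name keeps a renamed
    or dropped copy of the binary from inheriting the allowlist.
    """
    parts = [p.lower() for p in PureWindowsPath(image).parts]
    return (len(parts) >= 4 and parts[-1] == "werfault.exe"
            and parts[-2] in ("system32", "syswow64") and parts[-3] == "windows")


def parse_werfault(cmdline: str) -> Optional[Dict[str, object]]:
    """Pull the user-mode flag, target PID and event handle out of a WerFault command line."""
    m_pid = PID_RE.search(cmdline)
    if m_pid is None:
        return None
    m_ev = EVENT_RE.search(cmdline)
    return {
        "user_mode": USER_RE.search(cmdline) is not None,
        "target_pid": int(m_pid.group(1)),
        "event_handle": int(m_ev.group(1)) if m_ev else None,
    }


def find_crashes(events: List[ProcEvent]) -> List[Crash]:
    """Report every WerFault.exe whose -p names a process seen in the same event set."""
    by_pid = {e.pid: e for e in events}
    crashes = []
    for e in events:
        if basename(e.image) != "werfault.exe":
            continue
        args = parse_werfault(e.cmdline)
        if args is None or args["target_pid"] not in by_pid:
            continue  # nothing to attribute the crash to
        target = by_pid[args["target_pid"]]
        crashes.append(Crash(
            werfault_pid=e.pid,
            target_pid=target.pid,
            target_image=basename(target.image),
            parent_is_target=(e.ppid == target.pid),
            wow64=PureWindowsPath(e.image).parent.name.lower() == "syswow64",
        ))
    return crashes


def suspicious_privileges(events: List[ProcEvent],
                          watch: Tuple[str, ...] = ("SeDebugPrivilege",)) -> List[Tuple[int, str, str]]:
    """Flag watched privileges, ignoring the genuine WerFault.exe, which enables them as part of WER."""
    hits = []
    for e in events:
        if is_windows_werfault(e.image):
            continue
        hits.extend((e.pid, basename(e.image), p) for p in e.privileges if p in watch)
    return hits


if __name__ == "__main__":
    for c in find_crashes(EVENTS):
        print(f"crash: {c.target_image} (pid {c.target_pid}) reported by WerFault pid {c.werfault_pid}, "
              f"parent_is_target={c.parent_is_target}, wow64={c.wow64}")
    for pid, image, priv in suspicious_privileges(EVENTS):
        print(f"privilege: {image} (pid {pid}) enabled {priv}")
```

The allowlist deliberately keys on the full path under C:\Windows, so a copy of WerFault.exe dropped elsewhere would still be reported for SeDebugPrivilege; in real telemetry the parent-process check is the useful discriminator, since a WerFault.exe whose -p names a process other than its parent is not the normal crash-reporting flow.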