Analysis
- max time kernel: 27s
- max time network: 36s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 19/05/2021, 11:54
Static task
- static1

Behavioral task
- behavioral1
  Sample: 3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
  Resource: win7v20210408
  0 signatures
  0 seconds

Behavioral task
- behavioral2
  Sample: 3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
  Resource: win10v20210408
  0 signatures
  0 seconds
General
- Target: 3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
- Size: 22KB
- MD5: 8cd81ae69ade058076263addc8dd3ebb
- SHA1: 362eb81ecac33897d4dd2a3f175efaaf0fe2c2f5
- SHA256: 3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3
- SHA512: 6170bc3191b8d88043b5c7799c17338f4717af087fa4524141955d2e6cfb0cb468262bcc5c466fe39adfbc534796a79e06d84894ae9f7911b2353460580dac21
Score
3/10
Malware Config
Signatures
- Program crash 1 IoCs
    pid   pid_target  Process       procid_target
    2332  620         WerFault.exe  67
- Suspicious behavior: EnumeratesProcesses 14 IoCs
    pid   Process
    2332  WerFault.exe
- Suspicious use of AdjustPrivilegeToken 1 IoCs
    description              pid   Process
    Token: SeDebugPrivilege  2332  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
  "C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe"
  PID:620
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 620 -s 152
    PID:2332
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken