Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
28s -
max time network
26s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
18/08/2021, 21:12
Static task
static1
Behavioral task
behavioral1
Sample
3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
Resource
win7v20210410
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
Resource
win10v20210410
0 signatures
0 seconds
General
-
Target
3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe
-
Size
22KB
-
MD5
8cd81ae69ade058076263addc8dd3ebb
-
SHA1
362eb81ecac33897d4dd2a3f175efaaf0fe2c2f5
-
SHA256
3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3
-
SHA512
6170bc3191b8d88043b5c7799c17338f4717af087fa4524141955d2e6cfb0cb468262bcc5c466fe39adfbc534796a79e06d84894ae9f7911b2353460580dac21
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1748 3460 WerFault.exe 30 -
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid Process 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe 1748 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1748 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe"C:\Users\Admin\AppData\Local\Temp\3ad0af44a4269c0121eeb19cee197a90b4a7e862b5ce04eab6aafc021dd6e7a3.exe"1⤵PID:3460
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3460 -s 1522⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1748
-