Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
113s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
01/03/2022, 07:35
General
-
Target
sample.exe
-
Size
141KB
-
MD5
1c2af6c5e1b8b87189b5da7bd3cefe30
-
SHA1
6881acb4f1401f0db02bbebe82e2381a0b7c447d
-
SHA256
cf0705a3e4f3690e28184eb019a4940e7291ce5b3d52747ff80b72e90922a89b
-
SHA512
1f391111cbeb12f892c272076111a8317b98c9eda4bbf12eefb7a47bcc1a327b43310739a301718b700dc2ce28339b00533f2c9eda1f06ffff21f30d69ce6362
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\sample.exe"C:\Users\Admin\AppData\Local\Temp\sample.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4440 -s 9442⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 408 -p 4440 -ip 44401⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB