Analysis
- max time kernel: 42s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220331-en
- submitted: 12/04/2022, 08:28
Static task: static1
Behavioral task: behavioral1
- Sample: 209609199e47fecdd76a96dabf1f9cf5.exe
- Resource: win7-20220331-en
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: 209609199e47fecdd76a96dabf1f9cf5.exe
- Resource: win10v2004-20220331-en
- 0 signatures, 0 seconds
General
- Target: 209609199e47fecdd76a96dabf1f9cf5.exe
- Size: 372KB
- MD5: 209609199e47fecdd76a96dabf1f9cf5
- SHA1: 4ad578096b72f376bd012d3f3ba6a6cd7f162432
- SHA256: 217265e900ce6d8b7750e25c9d4560715f2e58be5a2aa9210ba4f9974ae760c8
- SHA512: b8893d5d367afb465420e1c0671510db6b1f4603458a0bd416f5ded0f670f7ccdef37133ddf0049dccd822d6b42b0565a94f7f0530d6093d80cedc4638ae08d9
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  1312 | 1236 | WerFault.exe | 27
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 1236 | 209609199e47fecdd76a96dabf1f9cf5.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1236 wrote to memory of 1312 | 1236 | 209609199e47fecdd76a96dabf1f9cf5.exe | 28
  PID 1236 wrote to memory of 1312 | 1236 | 209609199e47fecdd76a96dabf1f9cf5.exe | 28
  PID 1236 wrote to memory of 1312 | 1236 | 209609199e47fecdd76a96dabf1f9cf5.exe | 28
Processes
- "C:\Users\Admin\AppData\Local\Temp\209609199e47fecdd76a96dabf1f9cf5.exe" (PID: 1236)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe -u -p 1236 -s 1044 (PID: 1312)
    - Program crash