Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 27/05/2022, 15:25
Static task: static1
Behavioral task: behavioral1
- Sample: DHL PACKAGE DOCUMENT.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: DHL PACKAGE DOCUMENT.exe
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: DHL PACKAGE DOCUMENT.exe
- Size: 23KB
- MD5: cf65c6f1cb9b6847cf639bd57e8282d1
- SHA1: 30e4a45690434c04643aa30456191fc78041caf4
- SHA256: 49c7f9c1a11758309f55b563b54a44b734b39f185d1d5d63436adea38e44a03d
- SHA512: b554bd0f76522d5bd33d33481b8a98f37059f87be2cd651c012181c1c776e294831281c4e65b68104de62eae3feaa8f813b3ec8f2c827f5f438f7cfcec9ca7eb
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  1368 | 1948 | WerFault.exe | 27
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 1948 | DHL PACKAGE DOCUMENT.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1948 wrote to memory of 1368 | 1948 | DHL PACKAGE DOCUMENT.exe | 28
  PID 1948 wrote to memory of 1368 | 1948 | DHL PACKAGE DOCUMENT.exe | 28
  PID 1948 wrote to memory of 1368 | 1948 | DHL PACKAGE DOCUMENT.exe | 28
  PID 1948 wrote to memory of 1368 | 1948 | DHL PACKAGE DOCUMENT.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\DHL PACKAGE DOCUMENT.exe (PID: 1948)
  Command line: "C:\Users\Admin\AppData\Local\Temp\DHL PACKAGE DOCUMENT.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (PID: 1368)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 1124
    - Program crash