Analysis
- max time kernel: 39s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220718-en
- resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
- submitted: 11/08/2022, 15:39
Static task
static1
Behavioral task
behavioral1
Sample
terror.exe
Resource
win7-20220718-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
terror.exe
Resource
win10v2004-20220721-en
3 signatures
150 seconds
General
- Target: terror.exe
- Size: 4.1MB
- MD5: 77dd31adbf6895ba075fa0e4864b0017
- SHA1: bed7e4ae5247c536868a4474c640fe808dc05bf7
- SHA256: 114597ce6ce72d2e30ba0d86e20562c2e6b477838d30ed6ec998f315573bc1ba
- SHA512: dc7c4ec8a9f6d091d263713b5c321318c44844126e64ae51ca4d73ea85424854f382ba7ee34c96290c1eab44433bbfbcf23f467245ae64f58b5640db4cf8a630
Score
10/10
Malware Config
Signatures
-
PhoenixStealer
PhoenixStealer is an information stealer written in C++. It sends the stolen information to cybercriminals.
-
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
PID 892 set thread context of 82768 | 892 | terror.exe | 29
-
Suspicious use of WriteProcessMemory 9 IoCs
description | pid | Process | procid_target
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
PID 892 wrote to memory of 82768 | 892 | terror.exe | 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\terror.exe
"C:\Users\Admin\AppData\Local\Temp\terror.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:892 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
PID:82768
-