Resubmissions
- 15/09/2022, 17:59: 220915-wkw3padgb3 (3)
- 15/09/2022, 17:56: 220915-wh3gpadga8 (3)
- 22/07/2022, 19:25: 220722-x4ylashdfl (10)
- 22/07/2022, 17:20: 220722-vwqvdaggfl (10)

Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 15/09/2022, 17:59
Static task: static1

Behavioral task: behavioral1
- Sample: ORDER3763873.exe
- Resource: win7-20220812-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: ORDER3763873.exe
- Resource: win10v2004-20220812-en
- 3 signatures
- 150 seconds
General
- Target: ORDER3763873.exe
- Size: 13KB
- MD5: fcf1a0e7b406505e0aaa094393d45d72
- SHA1: cde2a1b3ef89f2b4c7a2048fa2d959e02c29008e
- SHA256: 352dd25fbf999c5e12526187390be9af7019db7c165f2e9e76fe7d1cd4bece3b
- SHA512: 5db78c6c157174cac8f010e8cf00d412a10703dd543ad224c7d81cb9b65b0a03891be95615dc57165761d433a673f316495e825e7a615d57b08b846fb3e52304
- SSDEEP: 192:7al+MLo8v/PwzaektqslX6IOGiMwEauPFUHDBxvu+6wFguGZAqd7:7+dvnvKhGavuPyjBcTZAqd
- Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 1356 | 1836 | WerFault.exe | 26 |

Suspicious use of AdjustPrivilegeToken (1 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 1836 | ORDER3763873.exe |

Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1836 wrote to memory of 1356 | 1836 | ORDER3763873.exe | 27 |
| PID 1836 wrote to memory of 1356 | 1836 | ORDER3763873.exe | 27 |
| PID 1836 wrote to memory of 1356 | 1836 | ORDER3763873.exe | 27 |
| PID 1836 wrote to memory of 1356 | 1836 | ORDER3763873.exe | 27 |
Processes
- "C:\Users\Admin\AppData\Local\Temp\ORDER3763873.exe" (PID: 1836)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 1048 (PID: 1356)
    - Program crash