Analysis
- max time kernel: 141s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2022, 00:39
Static task: static1
Behavioral task: behavioral1
- Sample: 011713a97b79b84274f4988ec982736750f03541eb7f6599743ed8ee6abb7887.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 011713a97b79b84274f4988ec982736750f03541eb7f6599743ed8ee6abb7887.exe
- Resource: win10v2004-20220812-en
General
- Target: 011713a97b79b84274f4988ec982736750f03541eb7f6599743ed8ee6abb7887.exe
- Size: 32KB
- MD5: c8c9a0d25668c7e24921ca201d9cd184
- SHA1: 2cabb0f0a04a9793f23e5fb074cc3f7286b4ca9c
- SHA256: 011713a97b79b84274f4988ec982736750f03541eb7f6599743ed8ee6abb7887
- SHA512: 66bbe936783e0cf2376abe4a046c9299073317867b3880c463fc36721e4d373f638266a2a40344631594cd10f00beb3a551da0bc31bfe718dab4d8f43ec31f0e
- SSDEEP: 768:Hmkj8SrrV6SmmOnXPpMsXo5SL4uUrAoC8tR:vrV1HOnXxroCQR
Malware Config
Signatures
- Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  4928   4768          WerFault.exe    81
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid    Process
  4768   011713a97b79b84274f4988ec982736750f03541eb7f6599743ed8ee6abb7887.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\011713a97b79b84274f4988ec982736750f03541eb7f6599743ed8ee6abb7887.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\011713a97b79b84274f4988ec982736750f03541eb7f6599743ed8ee6abb7887.exe"
  Suspicious use of SetWindowsHookEx
  PID: 4768
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 464
    Program crash
    PID: 4928
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4768 -ip 4768
  PID: 4968