Analysis
max time kernel: 38s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03/10/2022, 04:15
Static task: static1
Behavioral task: behavioral1
Sample: cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe
Size: 216KB
MD5: 5f1be5061d0b43c0c3bda688543f6b20
SHA1: 5505ccfaa16cff45350f27ecb2d4b93901136ff3
SHA256: cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d
SHA512: 5ded78d5c7b197458e128f69d7afef7c93db3447eef4ae438b9bbe0e654ec7f487aff5e4c2bf396022494aee3496903199faf5ec3575759546dc5c3a1b10433f
SSDEEP: 6144:up5p9qAZcR/6TkINwl3EagHlwJKrqGoci:859C1GagHwOqFJ
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 1696 | 240 | WerFault.exe | 14 |

- Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 240 wrote to memory of 1696 | 240 | cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe | 28 |
| PID 240 wrote to memory of 1696 | 240 | cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe | 28 |
| PID 240 wrote to memory of 1696 | 240 | cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe | 28 |
| PID 240 wrote to memory of 1696 | 240 | cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe | 28 |
Processes
- C:\Users\Admin\AppData\Local\Temp\cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\cf29e470ef76e7183e7fa9799d9a8cb38ebf6acd3d8c378dfb220b221ed44e4d.exe"
  PID: 240
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 136
    PID: 1696
    - Program crash