Analysis
- max time kernel: 41s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 11/10/2022, 15:19
Static task
static1
Behavioral task
behavioral1
Sample
e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
Resource
win10v2004-20220812-en
General
- Target: e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
- Size: 84KB
- MD5: 1319ba657737e460ad9c2401a2757320
- SHA1: cd7425fba09f79059e0325ac2fa97156f41dfcb0
- SHA256: e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6
- SHA512: 31465a64ba0438b83dca7e1db858134bfb9e2b8fa2b288263b313ae91670ca38e6a7a4a77a16bdaa1fa78e98dbf5442f48010b8c206b1e9457ab3ffae7598b5b
- SSDEEP: 768:v3ncJu5hBXF2pmiq2V41xNmAFgGyi4XwP13GT9W28z/zMp5xAFiE3s:v3cJu5hBVWq2kN6LXwPVGT9lgA5gs
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 1872, pid_target: 1216, Process: WerFault.exe, procid_target: 14
- Modifies Internet Explorer settings
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\SOFTWARE\Microsoft\Internet Explorer\Main
  Process: e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Display Inline Images = "yes"
  Process: e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 1400, Process: e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
  pid: 1400, Process: e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
- Suspicious use of WriteProcessMemory (1 IoCs)
  description: PID 1400 wrote to memory of 1216
  pid: 1400, Process: e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe, procid_target: 14
Processes
C:\Users\Admin\AppData\Local\Temp\e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe
"C:\Users\Admin\AppData\Local\Temp\e2ff73e884b302566f092150fee820060e9d47a594d7c1214de3b6fc053fbfd6.exe" 1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1400

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE 1⤵
PID:1216

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1216 -s 1784 2⤵
- Program crash
PID:1872