Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
153s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
07/11/2022, 00:49
Static task
static1
Behavioral task
behavioral1
Sample
457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe
Resource
win10v2004-20220901-en
General
-
Target
457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe
-
Size
372KB
-
MD5
0669e20bc2b7413d6922703062e062c3
-
SHA1
91d27f75ddfd7b245b6c09f2ecaab8c5ab7e4a11
-
SHA256
457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565
-
SHA512
a1c46657e77cd489f9c90672cbb33394066ec54735cb3ca203d4b1e1e1a4aba2177e5d886d1031b8367c674a2f03b0243038ef6f5c607d24f38a94094bda7b38
-
SSDEEP
6144:pl+Cd34MXtksceFm9aqFKT6Gb8iz/DCaiCJPoel9WenNaH+VJ91sXgpEVGP:K/qksceSYjv+alPoel9/04eAP
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 1664 set thread context of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 -
Program crash 1 IoCs
pid pid_target Process procid_target 2608 2184 WerFault.exe 82 -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe -
Suspicious use of WriteProcessMemory 13 IoCs
description pid Process procid_target PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82 PID 1664 wrote to memory of 2184 1664 457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe 82
Processes
-
C:\Users\Admin\AppData\Local\Temp\457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe"C:\Users\Admin\AppData\Local\Temp\457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664 -
C:\Users\Admin\AppData\Local\Temp\457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exeC:\Users\Admin\AppData\Local\Temp\457e574c618ce574e4da279a4b6532cebed956ee0a430f6f48b60e9aef971565.exe2⤵PID:2184
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 5043⤵
- Program crash
PID:2608
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2184 -ip 21841⤵PID:220