Analysis

- max time kernel: 149s
- max time network: 164s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/11/2022, 13:14
- Static task: static1
- Behavioral task: behavioral1 (sample file.exe, resource win7-20221111-en, 4 signatures, 150 seconds)
- Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20221111-en, 4 signatures, 150 seconds)
General

- Target: file.exe
- Size: 2.4MB
- MD5: 2b467f0545b1981e30aceab51e059e20
- SHA1: 65ec505e1a3334d53277c046d5e674bf3c742947
- SHA256: def5d151079b3b584206933fcac5c5d0e51964a6662e36c9d067c9602f3768dd
- SHA512: 8878025af4bc1d0a6aefb774665f7af41c838eaea082125e8f6f2175b574fcabcd89b7c7d59f693c70357441f11d3e719beda155ee1903a5d7270d890e864613
- SSDEEP: 49152:UnaWAw8smNMJgOX3gPesC3Uw9Yo9KsQnOymdOo/HwXQdEF6:Unavs2MmOnc/wQSVAF6
- Score: 7/10
Malware Config

(no configuration extracted)

Signatures

- Uses the VBS compiler for execution (1 TTP)

- Suspicious use of SetThreadContext (1 IoC)

  description                          pid   Process   procid_target
  PID 4700 set thread context of 3960  4700  file.exe  82

- Program crash (1 IoC)

  pid   pid_target  Process       procid_target
  1760  4700        WerFault.exe  80

- Suspicious use of WriteProcessMemory (5 IoCs)

  description                          pid   Process   procid_target
  PID 4700 wrote to memory of 3960     4700  file.exe  82
  (this row is reported five times: five separate WriteProcessMemory calls from 4700 into 3960)

Note: the WriteProcessMemory and SetThreadContext hits are both from file.exe (PID 4700) into its own vbc.exe child (PID 3960), which is the API pair used by process hollowing (RunPE) against a signed .NET compiler binary. The report lists API hits per signature rather than in call order, so it shows the combination, not the sequence; the crash of PID 4700 handled by WerFault.exe is recorded separately and does not on its own indicate what happened inside vbc.exe.
Processes

- C:\Users\Admin\AppData\Local\Temp\file.exe (PID 4700)
  command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe (PID 3960)
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
  - C:\Windows\SysWOW64\WerFault.exe (PID 1760)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 276
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 1872)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4700 -ip 4700
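The signature tables and the process tree above only become a verdict once they are correlated: a parent that both writes into a child's memory and replaces one of its thread contexts, where the child is a signed compiler binary like vbc.exe, is the process-hollowing pattern. The following is an added example (not part of the tria.ge report or its tooling) that runs that correlation over the rows transcribed from this report. The Event fields, the PARENT map, the HOLLOWING_TARGETS list and the find_hollowing heuristic are this example's own assumptions, not anything the sandbox emits.

```python
"""Correlate sandbox IoC rows into a process-hollowing finding.

Added example, not part of the tria.ge report or its tooling. The rows
below are transcribed from the report's signature tables and process
tree; field names, the parent map and the target list are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    api: str         # "WriteProcessMemory", "SetThreadContext" or "Crash"
    pid: int         # process performing the action
    process: str     # its image name
    target_pid: int  # process acted upon (for "Crash": the process that crashed)


# Constructed from the report's IoC tables. Order is unknown: the report
# lists hits per signature, not as a timeline.
EVENTS = [
    Event("SetThreadContext", 4700, "file.exe", 3960),
    *[Event("WriteProcessMemory", 4700, "file.exe", 3960) for _ in range(5)],
    Event("Crash", 1760, "WerFault.exe", 4700),
]

# Constructed from the report's process tree: pid -> image, child -> parent.
PROCESSES = {4700: "file.exe", 3960: "vbc.exe", 1760: "WerFault.exe", 1872: "WerFault.exe"}
PARENT = {3960: 4700, 1760: 4700}

# Signed Microsoft binaries that .NET loaders commonly launch suspended and
# overwrite; vbc.exe is what the report's "Uses the VBS compiler" TTP means.
# Assumed list, extend as needed.
HOLLOWING_TARGETS = {"vbc.exe", "csc.exe", "msbuild.exe", "regasm.exe",
                     "regsvcs.exe", "installutil.exe", "aspnet_compiler.exe"}


def find_hollowing(events, processes, parent):
    """Return one finding per (injector, child) pair where the parent both wrote
    into the child's memory and set a thread context in it.

    Either API alone is common in benign software (debuggers, crash handlers,
    .NET runtime), so only the combination on a self-spawned child is flagged.
    """
    writes = defaultdict(int)
    ctx_pairs = set()
    crashed = {e.target_pid for e in events if e.api == "Crash"}
    for e in events:
        if e.api == "WriteProcessMemory":
            writes[(e.pid, e.target_pid)] += 1
        elif e.api == "SetThreadContext":
            ctx_pairs.add((e.pid, e.target_pid))

    findings = []
    for src, dst in sorted(ctx_pairs):
        if writes[(src, dst)] == 0 or parent.get(dst) != src:
            continue  # context change without writes, or not the injector's own child
        target_image = processes.get(dst, "?").lower()
        findings.append({
            "injector_pid": src,
            "injector": processes.get(src, "?"),
            "target_pid": dst,
            "target": target_image,
            "writes": writes[(src, dst)],
            "lolbin_target": target_image in HOLLOWING_TARGETS,
            "injector_crashed": src in crashed,
        })
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(EVENTS, PROCESSES, PARENT):
        print(finding)
```

For this report the function yields a single finding: file.exe (4700) injecting into its vbc.exe child (3960) with five writes, a known hollowing target, and the injector itself later crashing. The parent check is the important filter when applying this to a full trace; a debugger or the WER infrastructure will call SetThreadContext on processes it did not spawn, and those should not be scored as hollowing.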