Analysis
- max time kernel: 185s
- max time network: 203s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 13:14
Static task
static1
Behavioral task
behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
- 1 signatures
- 150 seconds
Behavioral task
behavioral2
- Sample: file.exe
- Resource: win10v2004-20220812-en
- 2 signatures
- 150 seconds
General
- Target: file.exe
- Size: 1.6MB
- MD5: 99a680e7d710652344ed23a9fe40e832
- SHA1: 0a60ed32ba9c50d437d66bca85f48c05798c0d40
- SHA256: dfd88d1b834dac64cb82037099eff4e0d062011c712b7d413041a801ba0ac0ae
- SHA512: 6080cd8ae8df3bfb958c390ad018916885b4bb7fee6233d717907fe6abcd5a6a0434da872497277bcc71edbfe44970cc8a28f0cabed26cde1bb0c4fb06b40bab
- SSDEEP: 24576:xefSX7ktn93nXwm9pn0vONAbkqkQyHNbRfdJuOfA45TLqJqJFBURqUH:c6r4ZnWPQqkQIdw0ASJF+qUH
Score: 3/10
Malware Config
Signatures
- Program crash (2 IoCs)
  pid    pid_target    Process         procid_target
  5076   1444          WerFault.exe    79
  2244   1444          WerFault.exe    79
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process     procid_target
  PID 1444 wrote to memory of 5076    1444   file.exe    82
  PID 1444 wrote to memory of 5076    1444   file.exe    82
  PID 1444 wrote to memory of 5076    1444   file.exe    82
Processes
- C:\Users\Admin\AppData\Local\Temp\file.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
  PID: 1444
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 376
    PID: 5076
    Signature: Program crash
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 376
    PID: 2244
    Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 1444 -ip 1444
  PID: 4820