Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
35s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
06/12/2022, 09:51 UTC
Static task
static1
Behavioral task
behavioral1
Sample
e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe
Resource
win7-20220812-en
2 signatures
150 seconds
General
-
Target
e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe
-
Size
180KB
-
MD5
2efbe67e13c2d5f04b71a5d21e3dae72
-
SHA1
a8b03629b5bc24d9a9003567fcbbc868f88d6bc9
-
SHA256
e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4
-
SHA512
8eef0b7917d1f1bbd23b75f2fe5e1ff9a15e9d4759a5991511eb05dcfddce534022dc42c4bfb830d418ce996c9b6cbc64a31fadbf28b7fc817b80d27bba84ff8
-
SSDEEP
3072:pCbLSL5zAsdHm490ySm1EcOYG3aa+zvRz5N8uy:pCPq+EHm49mMEB8vXNhy
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1620 1612 WerFault.exe 25 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1612 wrote to memory of 1620 1612 e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe 26 PID 1612 wrote to memory of 1620 1612 e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe 26 PID 1612 wrote to memory of 1620 1612 e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe 26 PID 1612 wrote to memory of 1620 1612 e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe 26
Processes
-
C:\Users\Admin\AppData\Local\Temp\e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe"C:\Users\Admin\AppData\Local\Temp\e86771720e10a7fef6720d022604a6b5e57280fa90fdaf2c25725307720475b4.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1612 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 1482⤵
- Program crash
PID:1620
-