Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 43s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2022, 07:33
Static task: static1
Behavioral task: behavioral1
- Sample: FedEx Shipment doc.exe
- Resource: win7-20220901-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: FedEx Shipment doc.exe
- Resource: win10v2004-20220812-en
- 8 signatures
- 150 seconds
General
- Target: FedEx Shipment doc.exe
- Size: 1023KB
- MD5: 18de2e338f8ebe55f152a8ba52742175
- SHA1: cd5538e2c8bc84605d5b5997596bf3d37872757d
- SHA256: f9ffa58b5dd142b4f6e87a1c7fb8915a1d2054c5ffeda62eab078c8f5b1ef644
- SHA512: f554a6e43e63e53248bff7227aa348551fa04bf1067ae8806978caca598e271835672e2f555c2fe1c77fbdfd21f6cd5b5d574729cfbc18fb586925ed5736c18a
- SSDEEP: 12288:lBp2iN1/Sr+p1kZdu8oNVHiy84VHKmZ5cLfEg5yBqVxRH8c+9eFf+mDXttarruVI:lL1e+1k/W5ilaHkjEUKq5H80
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid    Process
  1672   FedEx Shipment doc.exe
  1672   FedEx Shipment doc.exe
  1672   FedEx Shipment doc.exe
  1672   FedEx Shipment doc.exe
  1672   FedEx Shipment doc.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description                 pid    Process
  Token: SeDebugPrivilege     1672   FedEx Shipment doc.exe
- Suspicious use of WriteProcessMemory (20 IoCs)
  description                          pid    Process                  procid_target
  PID 1672 wrote to memory of 1696     1672   FedEx Shipment doc.exe   27
  PID 1672 wrote to memory of 1696     1672   FedEx Shipment doc.exe   27
  PID 1672 wrote to memory of 1696     1672   FedEx Shipment doc.exe   27
  PID 1672 wrote to memory of 1696     1672   FedEx Shipment doc.exe   27
  PID 1672 wrote to memory of 1620     1672   FedEx Shipment doc.exe   28
  PID 1672 wrote to memory of 1620     1672   FedEx Shipment doc.exe   28
  PID 1672 wrote to memory of 1620     1672   FedEx Shipment doc.exe   28
  PID 1672 wrote to memory of 1620     1672   FedEx Shipment doc.exe   28
  PID 1672 wrote to memory of 576      1672   FedEx Shipment doc.exe   29
  PID 1672 wrote to memory of 576      1672   FedEx Shipment doc.exe   29
  PID 1672 wrote to memory of 576      1672   FedEx Shipment doc.exe   29
  PID 1672 wrote to memory of 576      1672   FedEx Shipment doc.exe   29
  PID 1672 wrote to memory of 1500     1672   FedEx Shipment doc.exe   30
  PID 1672 wrote to memory of 1500     1672   FedEx Shipment doc.exe   30
  PID 1672 wrote to memory of 1500     1672   FedEx Shipment doc.exe   30
  PID 1672 wrote to memory of 1500     1672   FedEx Shipment doc.exe   30
  PID 1672 wrote to memory of 1100     1672   FedEx Shipment doc.exe   31
  PID 1672 wrote to memory of 1100     1672   FedEx Shipment doc.exe   31
  PID 1672 wrote to memory of 1100     1672   FedEx Shipment doc.exe   31
  PID 1672 wrote to memory of 1100     1672   FedEx Shipment doc.exe   31
Processes
- C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe"
  PID: 1672
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe"
    PID: 1696
  - C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe"
    PID: 1620
  - C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe"
    PID: 576
  - C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe"
    PID: 1500
  - C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\FedEx Shipment doc.exe"
    PID: 1100