Analysis
- max time kernel: 5s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 27/05/2023, 21:58
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: VoicemodDesktop.exe
- Resource: win7-20230220-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: VoicemodDesktop.exe
- Resource: win10v2004-20230220-en
- 2 signatures
- 150 seconds
General
- Target: VoicemodDesktop.exe
- Size: 5.3MB
- MD5: 2a3c1a98a7e076e69e72173754be7828
- SHA1: cafd5d51d287fef1f7b8d3f75c6a91d573e0744f
- SHA256: 176065ce145a080d2c13128c05d3f6ee83de37ca4b61aa3b4188c2d53b4f2725
- SHA512: fecc484293b5b13021f1d2b84e969c42c684a8e74b8f16d7017f8e9efd04935887f4b47f4acf153e62761a360fa6277db9433b25b4322173c258bfd841680e23
- SSDEEP: 49152:wQgAw1Zh83bXY7rDNIgQUue5zg2+GS7vCco09j5B3fBolyKmyiIgQUue5zg2:wRAPbUDWdUuesCevZjQylWdUues

Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2036 | 1220 | WerFault.exe | 26

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1220 | VoicemodDesktop.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1220 wrote to memory of 2036 | 1220 | VoicemodDesktop.exe | 27
PID 1220 wrote to memory of 2036 | 1220 | VoicemodDesktop.exe | 27
PID 1220 wrote to memory of 2036 | 1220 | VoicemodDesktop.exe | 27
Processes

C:\Users\Admin\AppData\Local\Temp\VoicemodDesktop.exe (PID: 1220)
Command line: "C:\Users\Admin\AppData\Local\Temp\VoicemodDesktop.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

C:\Windows\system32\WerFault.exe (PID: 2036)
Command line: C:\Windows\system32\WerFault.exe -u -p 1220 -s 632
- Program crash