Analysis
max time kernel: 28s
max time network: 32s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 10/07/2023, 14:02
Static task
static1: 1 signatures
Behavioral task
behavioral1
  Sample: c3aee7151ee617exeexeexeex.exe
  Resource: win7-20230703-en
  3 signatures, 150 seconds
Behavioral task
behavioral2
  Sample: c3aee7151ee617exeexeexeex.exe
  Resource: win10v2004-20230703-en
  2 signatures, 150 seconds
General
Target: c3aee7151ee617exeexeexeex.exe
Size: 1.1MB
MD5: c3aee7151ee617cab6cd470a226ff028
SHA1: da352af2d20a5bf5fec854261c5724f7269eeaa6
SHA256: 5ff384f3c247b8a8d159f7818c36ba3cb57dc9e2833830ee0923142a3438fdc3
SHA512: b9cb5ca79841927dde8479578818945966389eced2a950d4b7f78eef81e27ee78b27a774d6c469030f438d0b0333954be3105d86c40953208d9b6329ff9104cb
SSDEEP: 24576:I5Rn96MtjKklcLoUYa0E8kzbusf2AtMorIbsrg33:QRndtjKkkoUj0E8/shQOi3
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  2208  2288        WerFault.exe  28
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  2288  c3aee7151ee617exeexeexeex.exe
  2288  c3aee7151ee617exeexeexeex.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                        procid_target
  PID 2288 wrote to memory of 2208  2288  c3aee7151ee617exeexeexeex.exe  29
  PID 2288 wrote to memory of 2208  2288  c3aee7151ee617exeexeexeex.exe  29
  PID 2288 wrote to memory of 2208  2288  c3aee7151ee617exeexeexeex.exe  29
  PID 2288 wrote to memory of 2208  2288  c3aee7151ee617exeexeexeex.exe  29
Processes
C:\Users\Admin\AppData\Local\Temp\c3aee7151ee617exeexeexeex.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c3aee7151ee617exeexeexeex.exe"
  PID: 2288
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 316
    PID: 2208
    - Program crash