Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20230824-en
- resource tags: arch:x64, arch:x86, image:win7-20230824-en, locale:en-us, os:windows7-x64, system
- submitted: 30/08/2023, 20:57
Static task: static1
Behavioral task: behavioral1
- Sample: 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe
- Resource: win7-20230824-en
Behavioral task: behavioral2
- Sample: 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe
- Resource: win10v2004-20230703-en
General
- Target: 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe
- Size: 4.7MB
- MD5: 03a9ab49481700ca5158490a28207352
- SHA1: 9c9d69ec83a462ecaff20237ce6a8d2abecf7565
- SHA256: 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a
- SHA512: 07965112399cee02c2d94d009d7bfa7af60e291be133c287b6e88d14c1f907862fccc5e416f05cf4073e6df2755c0f589be9a9400b28224a9ebbb087a80025c5
- SSDEEP: 98304:FzYQI5ti+0KDBqE6NYmnTvUUM1cBx1ZcJ0ztrxNNgkG:FJ+0+JNNc1ZrLWkG
Malware Config
Signatures
- UPX yara rule matches on memory dumps (24 IoCs)
  resource | yara_rule
  behavioral1/memory/2112-3-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-2-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-4-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-6-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-10-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-12-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-8-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-14-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-17-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-19-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-23-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-21-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-25-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-27-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-31-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-33-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-29-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-35-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-37-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-39-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-41-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-45-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-43-0x0000000010000000-0x000000001003E000-memory.dmp | upx
  behavioral1/memory/2112-46-0x0000000010000000-0x000000001003E000-memory.dmp | upx
- Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  2672 | 2112 | WerFault.exe | 28
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid | Process
  2112 | 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe
  2112 | 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe
  2112 | 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2112 wrote to memory of 2672 | 2112 | 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe | 29
  PID 2112 wrote to memory of 2672 | 2112 | 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe | 29
  PID 2112 wrote to memory of 2672 | 2112 | 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe | 29
  PID 2112 wrote to memory of 2672 | 2112 | 12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\12d0a25ff848295cb292791889d1ff117de7c95adbc5cf7f4d666216e2ab495a.exe"
  PID: 2112
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (child of PID 2112)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 308
    PID: 2672
    - Program crash