Analysis
- max time kernel: 175s
- max time network: 26s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 11/10/2023, 12:09
Static task: static1
Behavioral task: behavioral1
- Sample: c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe
- Resource: win10v2004-20230915-en
General
- Target: c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe
- Size: 2.8MB
- MD5: 09fb3611b349370ee24b52e50565c93a
- SHA1: 55f29091186b29507b83203d857c031986a6fbc1
- SHA256: c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6
- SHA512: 1e6389cf421b94c612d6e08e97bb6a02c3e8c0a4c6fbf6a1da22154a57463a5583463a52467da40d338944fbfc2ca4930c75f36de2b0899d90c56f03c500b65c
- SSDEEP: 24576:Xqw0YZamDvaBX7Z1RzjvI2nStBf0+Ec0xMk58UsU3AoXTnidt9s91b:aw0YZamk7JvtQITnidt9s91b
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2604 wrote to memory of 2708 | 2604 | c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe | 30
  PID 2604 wrote to memory of 2708 | 2604 | c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe | 30
  PID 2604 wrote to memory of 2708 | 2604 | c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c802b23b2900c2cd309a2e4d2e92074d22401c905d4fc1a1d91a6810d9e237b6.exe"
  PID: 2604
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2604 -s 56
    PID: 2708