Analysis
- max time kernel: 122s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 27/11/2023, 19:07
Static task: static1
- 1 signature

Behavioral task: behavioral1
- Sample: 1010f2576e4eb5d2af36fd8ce9e5adf0.exe
- Resource: win7-20231023-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 1010f2576e4eb5d2af36fd8ce9e5adf0.exe
- Resource: win10v2004-20231025-en
- 1 signature
- 150 seconds
General
- Target: 1010f2576e4eb5d2af36fd8ce9e5adf0.exe
- Size: 396KB
- MD5: 1010f2576e4eb5d2af36fd8ce9e5adf0
- SHA1: bd7fd278e427b75b0fd7ebe0000ae3506c711e4f
- SHA256: 596c0b0f7b5a610f19de379f56720e33cc832ff48e5498c72e0608a7b2cd95cf
- SHA512: 03cbd43104175abd87984625288885ab2b2e3ffe1f3ee460ace64f86d2fcbbd047c8c40e586c9e2ad0fcc305b9bdf6d70038fbe80272aeb7f81f8b1f45edbed4
- SSDEEP: 6144:Z1VizB/7gy4JXwuj5V8MYdgu2jZYgHHORDB/1j10bEVDx:Z1VizB/0yyh5V8M0gVZYEHORl/D
Score
3/10
Malware Config
Signatures

- Program crash (1 IoCs)
pid | pid_target | Process | procid_target
3036 | 2136 | WerFault.exe | 27

- Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2136 wrote to memory of 3036 | 2136 | 1010f2576e4eb5d2af36fd8ce9e5adf0.exe | 28
PID 2136 wrote to memory of 3036 | 2136 | 1010f2576e4eb5d2af36fd8ce9e5adf0.exe | 28
PID 2136 wrote to memory of 3036 | 2136 | 1010f2576e4eb5d2af36fd8ce9e5adf0.exe | 28
PID 2136 wrote to memory of 3036 | 2136 | 1010f2576e4eb5d2af36fd8ce9e5adf0.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\1010f2576e4eb5d2af36fd8ce9e5adf0.exe
  "C:\Users\Admin\AppData\Local\Temp\1010f2576e4eb5d2af36fd8ce9e5adf0.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2136
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 36
    - Program crash
    PID: 3036