Analysis
- max time kernel: 122s
- max time network: 135s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25/12/2023, 00:04
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 1b8dd9ef1122d9d2eb12ad5321d76a98.exe
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 1b8dd9ef1122d9d2eb12ad5321d76a98.exe
- Resource: win10v2004-20231215-en
- 1 signatures
- 150 seconds
General
- Target: 1b8dd9ef1122d9d2eb12ad5321d76a98.exe
- Size: 284KB
- MD5: 1b8dd9ef1122d9d2eb12ad5321d76a98
- SHA1: d407f81c8b1ab477a1ec63d2b828bf5fcb723508
- SHA256: 293c1ade7452ca7ce505702ce799b7d0355f15dd860f67531e38a7a8de3ac36a
- SHA512: de29c79f4490716f158f8ec0bcf67f4851a23aff45a2c193787376bb02d2041182737c958ea810fc1150853fc824169f4dd6e5b6289c4b6963c507abb56de15e
- SSDEEP: 3072:uA1ehl/69NcG3QAP6MmsCXHldHjEcCWQLwBVYvr:uDl/UcQPkFFjGWbyr
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  2016 | 2028 | WerFault.exe | 5
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2028 wrote to memory of 2016 | 2028 | 1b8dd9ef1122d9d2eb12ad5321d76a98.exe | 28
  PID 2028 wrote to memory of 2016 | 2028 | 1b8dd9ef1122d9d2eb12ad5321d76a98.exe | 28
  PID 2028 wrote to memory of 2016 | 2028 | 1b8dd9ef1122d9d2eb12ad5321d76a98.exe | 28
  PID 2028 wrote to memory of 2016 | 2028 | 1b8dd9ef1122d9d2eb12ad5321d76a98.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\1b8dd9ef1122d9d2eb12ad5321d76a98.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1b8dd9ef1122d9d2eb12ad5321d76a98.exe"
  Signature: Suspicious use of WriteProcessMemory
  PID: 2028
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 120
    Signature: Program crash
    PID: 2016