Analysis
- max time kernel: 120s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25/12/2023, 15:53
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 2add40e1a72b368d297dfe0bdc56837f.exe
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 2add40e1a72b368d297dfe0bdc56837f.exe
- Resource: win10v2004-20231222-en
- 1 signatures
- 150 seconds
General
- Target: 2add40e1a72b368d297dfe0bdc56837f.exe
- Size: 9KB
- MD5: 2add40e1a72b368d297dfe0bdc56837f
- SHA1: bfbbc99ca061441987dfdc78e46ef82552bffc89
- SHA256: 43e35bea8839b9ea66f37ec17e3ef77b22d1dcbcae597fcb082ac936398506d9
- SHA512: 97664d9174fea49e73c4189eb2c13285951a9a03088a3faf74a254b36b719ca1d4c1fa6e8307301cae070efbb882714ccaf17ca621385a0758eec5dc41b92cbd
- SSDEEP: 192:FONBksuPE7+goG7yeMZZ3C93VnjdwqzX383H+:FQ2G7yeM+FnhwqDM3H
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2664 | 2add40e1a72b368d297dfe0bdc56837f.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2664 wrote to memory of 2712 | 2664 | 2add40e1a72b368d297dfe0bdc56837f.exe | 28
  PID 2664 wrote to memory of 2712 | 2664 | 2add40e1a72b368d297dfe0bdc56837f.exe | 28
  PID 2664 wrote to memory of 2712 | 2664 | 2add40e1a72b368d297dfe0bdc56837f.exe | 28
Processes
- "C:\Users\Admin\AppData\Local\Temp\2add40e1a72b368d297dfe0bdc56837f.exe" (PID: 2664)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe -u -p 2664 -s 900 (PID: 2712)