Analysis
max time kernel: 169s
max time network: 150s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 21:01
Static task
static1: 1 signatures
Behavioral task
behavioral1: Sample 3c9b59f2a1120edd8bf23fdf31ba190f.exe, Resource win7-20231215-en, 2 signatures, 150 seconds
Behavioral task
behavioral2: Sample 3c9b59f2a1120edd8bf23fdf31ba190f.exe, Resource win10v2004-20231215-en, 1 signatures, 150 seconds
General
Target: 3c9b59f2a1120edd8bf23fdf31ba190f.exe
Size: 5.8MB
MD5: 3c9b59f2a1120edd8bf23fdf31ba190f
SHA1: 2147b9841d88993a1400f2656ac007b3d670a25f
SHA256: 91875e11e8092f793d8a865db06c57fa502d4e0c118260f04ed0ca33f0d10338
SHA512: 432dec7a2c6b713ec588cd038cf66b7ae73750c1b8df7274991b818ea0c15fab3cf2f777b63f2152d57c64e3b77f8bee71018f5a27cf5996a9e2ec5605ee1d32
SSDEEP: 98304:RRma+F7nY1tp40mMlQ7dNxE39DmKsBpJVHKEOiMcgN:CPF7YxPmLdXID7s/bvW
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| 2712 | 2796 | WerFault.exe | 28 |

Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| PID 2796 wrote to memory of 2712 | 2796 | 3c9b59f2a1120edd8bf23fdf31ba190f.exe | 29 |
| PID 2796 wrote to memory of 2712 | 2796 | 3c9b59f2a1120edd8bf23fdf31ba190f.exe | 29 |
| PID 2796 wrote to memory of 2712 | 2796 | 3c9b59f2a1120edd8bf23fdf31ba190f.exe | 29 |
| PID 2796 wrote to memory of 2712 | 2796 | 3c9b59f2a1120edd8bf23fdf31ba190f.exe | 29 |
Processes
- C:\Users\Admin\AppData\Local\Temp\3c9b59f2a1120edd8bf23fdf31ba190f.exe
  "C:\Users\Admin\AppData\Local\Temp\3c9b59f2a1120edd8bf23fdf31ba190f.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2796
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 92
    - Program crash
    PID: 2712