Analysis
- max time kernel: 141s
- max time network: 133s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 26/12/2023, 09:09
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: 6281a0a9f6f19c89c214f6b30162beee.exe
  Resource: win7-20231215-en
  2 signatures, 150 seconds
Behavioral task
- behavioral2
  Sample: 6281a0a9f6f19c89c214f6b30162beee.exe
  Resource: win10v2004-20231215-en
  1 signatures, 150 seconds
General
- Target: 6281a0a9f6f19c89c214f6b30162beee.exe
- Size: 482KB
- MD5: 6281a0a9f6f19c89c214f6b30162beee
- SHA1: f1ed7d927691a6e5430e18773a24792f8c4c9d55
- SHA256: 26e3b015bf429f8f829e691a17c4941a16f38506af5dce4503e9ba3e37cb575b
- SHA512: 498155c86162eaa19454c4c6fc28c1f6f006aee5fd075b778ce5250bfee23cf62a15445a9596eba97916e38d416cec565055b91abb5675eaf3816f08e3011cbd
- SSDEEP: 12288:Kk+vceJ2HfgG+26geCaZmS1Q+e0mZs9ELXqs76GK:4vzeg7RWagsPe0mC0R76GK
Score
3/10
Malware Config
Signatures
- Program crash: 1 IoCs
  pid | pid_target | Process | procid_target
  2372 | 2096 | WerFault.exe | 27
- Suspicious use of WriteProcessMemory: 4 IoCs
  description | pid | Process | procid_target
  PID 2096 wrote to memory of 2372 | 2096 | 6281a0a9f6f19c89c214f6b30162beee.exe | 28
  PID 2096 wrote to memory of 2372 | 2096 | 6281a0a9f6f19c89c214f6b30162beee.exe | 28
  PID 2096 wrote to memory of 2372 | 2096 | 6281a0a9f6f19c89c214f6b30162beee.exe | 28
  PID 2096 wrote to memory of 2372 | 2096 | 6281a0a9f6f19c89c214f6b30162beee.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\6281a0a9f6f19c89c214f6b30162beee.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6281a0a9f6f19c89c214f6b30162beee.exe"
  Suspicious use of WriteProcessMemory
  PID: 2096
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 192
    Program crash
    PID: 2372