Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 26/12/2023, 12:00
Static task static1
- 1 signatures
Behavioral task behavioral1
- Sample: 6ccd150ccddcfd3eef48d58d91d0c2f1.exe
- Resource: win7-20231129-en
- 2 signatures
- 150 seconds
Behavioral task behavioral2
- Sample: 6ccd150ccddcfd3eef48d58d91d0c2f1.exe
- Resource: win10v2004-20231215-en
- 1 signatures
- 150 seconds
General
- Target: 6ccd150ccddcfd3eef48d58d91d0c2f1.exe
- Size: 575KB
- MD5: 6ccd150ccddcfd3eef48d58d91d0c2f1
- SHA1: 8ef91db185cc2e0cf70c3f0f469244e129e1ba33
- SHA256: 663bd10337642b101c536b982c16f08f933fcfb4c179871a7557e5812a04cee1
- SHA512: d5956754d74b0392f3df41b34eba703c193956d28bea3f5e3f1c015021ff28f10bc7e253f2662cad093b92ac6bce3d1ada926d578689994bb4bfa70e59177f68
- SSDEEP: 12288:0Z1BH/A2cwLLLm/udfilv97wDrBcW2U28q7xBEoQRjBxq2hdtecHJo1j2a2s9Bgr:05H421hquSBpOBxLhdtecK1jt28gxPp
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  2204 | 628 | WerFault.exe | 1
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 628 wrote to memory of 2204 | 628 | 6ccd150ccddcfd3eef48d58d91d0c2f1.exe | 16
  PID 628 wrote to memory of 2204 | 628 | 6ccd150ccddcfd3eef48d58d91d0c2f1.exe | 16
  PID 628 wrote to memory of 2204 | 628 | 6ccd150ccddcfd3eef48d58d91d0c2f1.exe | 16
  PID 628 wrote to memory of 2204 | 628 | 6ccd150ccddcfd3eef48d58d91d0c2f1.exe | 16
Processes
- C:\Users\Admin\AppData\Local\Temp\6ccd150ccddcfd3eef48d58d91d0c2f1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\6ccd150ccddcfd3eef48d58d91d0c2f1.exe"
  Depth: 1
  PID: 628
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 168
  Depth: 2
  PID: 2204
  - Program crash