Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 11:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6ab4762cee0e739e1d6b7f58b5bc9842.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
6ab4762cee0e739e1d6b7f58b5bc9842.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 6ab4762cee0e739e1d6b7f58b5bc9842.exe
Size: 548KB
MD5: 6ab4762cee0e739e1d6b7f58b5bc9842
SHA1: 1c79bdb346efc986e080ec84defb3f4989c661cb
SHA256: 49bbb5187b1ba35c9b1b3b18a8dc254b5ad10a5acb3d93fac6475f7dcc8bc4ae
SHA512: bfab3d0a1d1a18ebee625f8319a6db045d8d63f9057429d75b2af2c3f52d25e2fd9c62dceb173ff67d344a14cce78be12d512307d2a25bd8cfe34a2263fcebcc
SSDEEP: 12288:fcUMrnatdIKCHbm/vNeDuUl8btYLPsfEHlWs9ap:fIndwV5x+kclEp
Score
3/10
Malware Config
Signatures

Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 2272 | 2512 | WerFault.exe | 14 |

Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2512 wrote to memory of 2272 | 2512 | 6ab4762cee0e739e1d6b7f58b5bc9842.exe | 15 |
| PID 2512 wrote to memory of 2272 | 2512 | 6ab4762cee0e739e1d6b7f58b5bc9842.exe | 15 |
| PID 2512 wrote to memory of 2272 | 2512 | 6ab4762cee0e739e1d6b7f58b5bc9842.exe | 15 |
| PID 2512 wrote to memory of 2272 | 2512 | 6ab4762cee0e739e1d6b7f58b5bc9842.exe | 15 |
Processes
C:\Users\Admin\AppData\Local\Temp\6ab4762cee0e739e1d6b7f58b5bc9842.exe
  "C:\Users\Admin\AppData\Local\Temp\6ab4762cee0e739e1d6b7f58b5bc9842.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2512
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 144
    - Program crash
    PID: 2272