Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 26/12/2023, 16:06
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 7b59e1a6f499159e22f52b6a11e38654.exe
- Resource: win7-20231129-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 7b59e1a6f499159e22f52b6a11e38654.exe
- Resource: win10v2004-20231222-en
- 1 signatures
- 150 seconds
General
- Target: 7b59e1a6f499159e22f52b6a11e38654.exe
- Size: 367KB
- MD5: 7b59e1a6f499159e22f52b6a11e38654
- SHA1: 7eefa47e3e99ab31afdfa4745cf575780ca1d4fb
- SHA256: 85bd5d62c3f0205d57906f65f8384379a41b5cb27dcafdb369a19dacb875204f
- SHA512: 061372ed9c69876b0000421af2c94a709e2803d974ce40a7bd328ff25906154854c590b1ac32c2adc43219b0f299c730a1b2bec628ffcd6b9f294e271b2bdaf8
- SSDEEP: 6144:rpEcAd/Mm5ZkyUneRTnJOmQ4W4/6zA5K0TzJRCp4xRvKUllD/W13+y:rTAOm5eyUnJmCzAXTzJR3RvK6lCwy
Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  2004 | 1680 | WerFault.exe | 19
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1680 wrote to memory of 2004 | 1680 | 7b59e1a6f499159e22f52b6a11e38654.exe | 28
  PID 1680 wrote to memory of 2004 | 1680 | 7b59e1a6f499159e22f52b6a11e38654.exe | 28
  PID 1680 wrote to memory of 2004 | 1680 | 7b59e1a6f499159e22f52b6a11e38654.exe | 28
  PID 1680 wrote to memory of 2004 | 1680 | 7b59e1a6f499159e22f52b6a11e38654.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\7b59e1a6f499159e22f52b6a11e38654.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7b59e1a6f499159e22f52b6a11e38654.exe"
  PID: 1680
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 116
    PID: 2004
    Signature: Program crash