Analysis
max time kernel: 140s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 29/12/2023, 22:29
Static task: static1
Signatures: 1

Behavioral task: behavioral1
Sample: 05a0bda001b2ff4e20f19e29ad140a12.exe
Resource: win7-20231215-en
Signatures: 2
Duration: 150 seconds

Behavioral task: behavioral2
Sample: 05a0bda001b2ff4e20f19e29ad140a12.exe
Resource: win10v2004-20231222-en
Signatures: 1
Duration: 150 seconds
General
Target: 05a0bda001b2ff4e20f19e29ad140a12.exe
Size: 545KB
MD5: 05a0bda001b2ff4e20f19e29ad140a12
SHA1: 44e55ecacd844602576f0be49338e33cf4ef180f
SHA256: 42b0320eb694c869335fa4a465bfbd5e0ed3c03f1bff8f9c2099cb6a1ca8da87
SHA512: 99f176e649fd78ab547b39cff1b78af776ce393a9dbc35ce0bd19cbd395e01f06ab8efc784fd9a3397cc649356a84f30fc163c96da4949d71287531f6f760615
SSDEEP: 12288:Aek75+D8tY8E/6BvSWsh3IEGpzK6FSkFvnrOfx3Ka7kaP009vQ:ZEG8s68WshY5pzvrOfdKqkaP0
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid   pid_target  Process       procid_target
3008  2996        WerFault.exe  10

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 2996 wrote to memory of 3008  2996  05a0bda001b2ff4e20f19e29ad140a12.exe  28
PID 2996 wrote to memory of 3008  2996  05a0bda001b2ff4e20f19e29ad140a12.exe  28
PID 2996 wrote to memory of 3008  2996  05a0bda001b2ff4e20f19e29ad140a12.exe  28
PID 2996 wrote to memory of 3008  2996  05a0bda001b2ff4e20f19e29ad140a12.exe  28
Processes

C:\Users\Admin\AppData\Local\Temp\05a0bda001b2ff4e20f19e29ad140a12.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\05a0bda001b2ff4e20f19e29ad140a12.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2996

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 152
    - Program crash
    PID: 3008