Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 29/12/2023, 23:30
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 06fb38b2a6caf25ca05526e04d78e16f.exe
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 06fb38b2a6caf25ca05526e04d78e16f.exe
- Resource: win10v2004-20231215-en
- 1 signatures
- 150 seconds
General
- Target: 06fb38b2a6caf25ca05526e04d78e16f.exe
- Size: 1.0MB
- MD5: 06fb38b2a6caf25ca05526e04d78e16f
- SHA1: 395bf833bcd4a6b0baad95b9e9266ce56112aad9
- SHA256: 36b114f019d94d663cdb01b3a5362ef455988560da01eeeb6ac557c6ae3df5b8
- SHA512: accef07c4366e944019ab4bac546550ccce98bf1ed65ee6d4836c0cd531c0bce5f894e609254c5c2ff1102ee4dd0ba9992f17219b69b1a610fa45ec8500cfd2b
- SSDEEP: 24576:BiM5uIshBc6ReEJwdQx5L9MFy75C7HMIPg8oUvl:Puj06wdU9MZMmtt
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  2700 | 2800 | WerFault.exe | 21
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2800 wrote to memory of 2700 | 2800 | 06fb38b2a6caf25ca05526e04d78e16f.exe | 29
  PID 2800 wrote to memory of 2700 | 2800 | 06fb38b2a6caf25ca05526e04d78e16f.exe | 29
  PID 2800 wrote to memory of 2700 | 2800 | 06fb38b2a6caf25ca05526e04d78e16f.exe | 29
  PID 2800 wrote to memory of 2700 | 2800 | 06fb38b2a6caf25ca05526e04d78e16f.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\06fb38b2a6caf25ca05526e04d78e16f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\06fb38b2a6caf25ca05526e04d78e16f.exe"
  PID: 2800
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 208
    PID: 2700
    Signature: Program crash