Analysis
max time kernel: 140s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 29/12/2023, 21:24
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 04638fef3b1b0f5d6f48cee9245a5723.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: 04638fef3b1b0f5d6f48cee9245a5723.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 04638fef3b1b0f5d6f48cee9245a5723.exe
Size: 56KB
MD5: 04638fef3b1b0f5d6f48cee9245a5723
SHA1: 26153c8f40488f09e1f32977771b27545c84c3e7
SHA256: 6abb9fcfecddf41131b418dccdd8b28582c3d1478d7193a4318369f951f305a9
SHA512: e63de346e5f52d707e5001f6c95201c17ce2637e23f168cbb129b84e1818aabaaa7949c87dbe52f4c635f838ed1ff90ca724904a1ceaee2fdd7be3d499a357d8
SSDEEP: 1536:P7HFVvRSIPdAssJA7ZbS6omQUJk7dWHkc:P7HPvRjlrjZbS6i7dh
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid   pid_target  Process       procid_target
1384  1620        WerFault.exe  25

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 1620 wrote to memory of 1384  1620  04638fef3b1b0f5d6f48cee9245a5723.exe  28
PID 1620 wrote to memory of 1384  1620  04638fef3b1b0f5d6f48cee9245a5723.exe  28
PID 1620 wrote to memory of 1384  1620  04638fef3b1b0f5d6f48cee9245a5723.exe  28
PID 1620 wrote to memory of 1384  1620  04638fef3b1b0f5d6f48cee9245a5723.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\04638fef3b1b0f5d6f48cee9245a5723.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\04638fef3b1b0f5d6f48cee9245a5723.exe"
  PID: 1620
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 88
    PID: 1384
    - Program crash