Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 23:20
Static task: static1
Signatures: 1
Behavioral task: behavioral1
Sample: 1fceedc6f1cff86611a171685758bd6c.exe
Resource: win7-20231215-en
Signatures: 2
150 seconds
Behavioral task: behavioral2
Sample: 1fceedc6f1cff86611a171685758bd6c.exe
Resource: win10v2004-20231222-en
Signatures: 1
150 seconds
General
Target: 1fceedc6f1cff86611a171685758bd6c.exe
Size: 388KB
MD5: 1fceedc6f1cff86611a171685758bd6c
SHA1: 00020ecfe2f1b38469cd03efef4c5ff7687d9f62
SHA256: 98dc90751e96eee4a80852e5d6bd7567a03ef046f96ed30a6ac9e0c5a879625b
SHA512: fcd3bd54d9b410371196aa7ccfa0b37c0688184e07c5912eda4d687bc46a8bfa3bfc5d74184c84c2607a8b92aa1cd502750baf377acb4939e24c4397ac9a915f
SSDEEP: 3072:e2voeN+jaiG17Ef5KlrKnBZ59oZSmveDlcjIV8jlwIxU+V4EFFCcll3H3rH3XD7U:ZQeNai17Y56rKnBfWhveajzxwIxU
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid   pid_target  Process       procid_target
2192  688         WerFault.exe  27
Suspicious use of WriteProcessMemory (4 IoCs)
description                      pid  Process                               procid_target
PID 688 wrote to memory of 2192  688  1fceedc6f1cff86611a171685758bd6c.exe  29
PID 688 wrote to memory of 2192  688  1fceedc6f1cff86611a171685758bd6c.exe  29
PID 688 wrote to memory of 2192  688  1fceedc6f1cff86611a171685758bd6c.exe  29
PID 688 wrote to memory of 2192  688  1fceedc6f1cff86611a171685758bd6c.exe  29
Processes
C:\Users\Admin\AppData\Local\Temp\1fceedc6f1cff86611a171685758bd6c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1fceedc6f1cff86611a171685758bd6c.exe"
  - Suspicious use of WriteProcessMemory
  PID: 688
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 100
    - Program crash
    PID: 2192