Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 05:58
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 10850ecce14b6d77303698c977c2a3b1.exe
Resource: win7-20231215-en
2 signatures, 150 seconds

Behavioral task
behavioral2
Sample: 10850ecce14b6d77303698c977c2a3b1.exe
Resource: win10v2004-20231215-en
1 signatures, 150 seconds
General
Target: 10850ecce14b6d77303698c977c2a3b1.exe
Size: 66KB
MD5: 10850ecce14b6d77303698c977c2a3b1
SHA1: 87f5e15c7d9da5b222e47cb5b1ad83110e86ea7a
SHA256: fc470ef58a0a8fb094d0253b09d5e8c4dc6efafba01d14494a49b59483700cc5
SHA512: 5bc49d3872d23ea229cc6bce6fb91cf3211d273c210583fec39b667a53843cd56449073081c442b012f71240a89542f793643654b5d83913c4557ca1fcc04e6f
SSDEEP: 1536:0HAxJx1pbs3VPdI5gdhxfjhZPkoce7VXmdvUZnJM:yAVbuVS5gdhxfllXd7YNUZnW
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process
3004 | 2932 | WerFault.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2932 wrote to memory of 3004 | 2932 | 10850ecce14b6d77303698c977c2a3b1.exe | 16
PID 2932 wrote to memory of 3004 | 2932 | 10850ecce14b6d77303698c977c2a3b1.exe | 16
PID 2932 wrote to memory of 3004 | 2932 | 10850ecce14b6d77303698c977c2a3b1.exe | 16
PID 2932 wrote to memory of 3004 | 2932 | 10850ecce14b6d77303698c977c2a3b1.exe | 16
Processes
C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 88
- Program crash
PID: 3004

C:\Users\Admin\AppData\Local\Temp\10850ecce14b6d77303698c977c2a3b1.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\10850ecce14b6d77303698c977c2a3b1.exe"
- Suspicious use of WriteProcessMemory
PID: 2932