Analysis
- max time kernel: 140s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 07:06
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 11bb7b1337145ab6347db7bbd6a08982.exe
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 11bb7b1337145ab6347db7bbd6a08982.exe
- Resource: win10v2004-20231215-en
- 1 signatures
- 150 seconds
General
- Target: 11bb7b1337145ab6347db7bbd6a08982.exe
- Size: 65KB
- MD5: 11bb7b1337145ab6347db7bbd6a08982
- SHA1: 0f9beacf8495dc8c77afbcae23bcbb6a997c18d7
- SHA256: c9aad35e0b2c067a89076fd5cc74d467c13e62e5a339f6cd4e865925ce9edb46
- SHA512: 5feac82564ae977bafb6beaeb6d33b3abffd47fb7f373516472848c439890a96fb098611567a0fada8850109405f0f3b334b07319e23dfbd01070be0d7156b3f
- SSDEEP: 768:kJzqBI7DrIVnefS1j9xtPnCR97YLiexbysR36qxjT6e0tZEbsDdGmLhPH7UO1OWt:kB6IXEaSeYL99V3rjT6pZE5mLKWvfW0
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process
  2000 | 2884 | WerFault.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2884 wrote to memory of 2000 | 2884 | 11bb7b1337145ab6347db7bbd6a08982.exe | 16
  PID 2884 wrote to memory of 2000 | 2884 | 11bb7b1337145ab6347db7bbd6a08982.exe | 16
  PID 2884 wrote to memory of 2000 | 2884 | 11bb7b1337145ab6347db7bbd6a08982.exe | 16
  PID 2884 wrote to memory of 2000 | 2884 | 11bb7b1337145ab6347db7bbd6a08982.exe | 16
Processes
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 148
  - Program crash
  PID: 2000
- C:\Users\Admin\AppData\Local\Temp\11bb7b1337145ab6347db7bbd6a08982.exe
  "C:\Users\Admin\AppData\Local\Temp\11bb7b1337145ab6347db7bbd6a08982.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2884