Analysis
max time kernel: 118s
max time network: 140s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 08:10
Static task: static1
1 signature
Behavioral task: behavioral1
Sample: 130fecf21d8c120e31775237c8553afe.exe
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 130fecf21d8c120e31775237c8553afe.exe
Resource: win10v2004-20231215-en
1 signature
150 seconds
General
Target: 130fecf21d8c120e31775237c8553afe.exe
Size: 84KB
MD5: 130fecf21d8c120e31775237c8553afe
SHA1: fc776dfc80207759c2f0a5ffa1060dbf06236bd4
SHA256: b3a16874ac9dfd29fb7e30185691fdb276b33efad974d6741de4ecbf29f3811a
SHA512: 784302f0d49bf3a6dd49b016e44933693e6248f950be0779a20dd59643a45d76ba91687ba605b89a3d0efccc9eb19d674032e7a8d0228cc915a50caf84a4129e
SSDEEP: 1536:1lgQwkCR4IDNuBhNOV6baOUn0f7pzmVI2:nIDBWNL1Sudz/2
Score: 3/10
Malware Config
Signatures
Program crash (1 IoC)
pid: 2856, pid_target: 2664, Process: WerFault.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2664 wrote to memory of 2856, pid: 2664, Process: 130fecf21d8c120e31775237c8553afe.exe, procid_target: 16
description: PID 2664 wrote to memory of 2856, pid: 2664, Process: 130fecf21d8c120e31775237c8553afe.exe, procid_target: 16
description: PID 2664 wrote to memory of 2856, pid: 2664, Process: 130fecf21d8c120e31775237c8553afe.exe, procid_target: 16
description: PID 2664 wrote to memory of 2856, pid: 2664, Process: 130fecf21d8c120e31775237c8553afe.exe, procid_target: 16
Processes
C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 92
Signature: Program crash
PID: 2856
C:\Users\Admin\AppData\Local\Temp\130fecf21d8c120e31775237c8553afe.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\130fecf21d8c120e31775237c8553afe.exe"
Signature: Suspicious use of WriteProcessMemory
PID: 2664