Analysis
max time kernel: 118s
max time network: 144s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 13:07
Static task
static1: 1 signatures
Behavioral task
behavioral1: Sample 19785e9fc3fcaf015fe9700a9f5c78b1.exe, Resource win7-20231215-en, 2 signatures, 150 seconds
Behavioral task
behavioral2: Sample 19785e9fc3fcaf015fe9700a9f5c78b1.exe, Resource win10v2004-20231215-en, 1 signatures, 150 seconds
General
Target: 19785e9fc3fcaf015fe9700a9f5c78b1.exe
Size: 413KB
MD5: 19785e9fc3fcaf015fe9700a9f5c78b1
SHA1: cbd6d35a388811d362c860b16cafedfbde505e88
SHA256: 34a6c2820112e6ea2e70e130fad963e3e405fbc378e502d29d067dc783a5972c
SHA512: 67ce0d29333841a7bc7f56c5312807a316b2865da8e8078b1e8303c91c057591e997dfdb62d44974111555daccf958f77c8e502df8376028253b607210eae32f
SSDEEP: 6144:MYUTSKe45+GWh9dTX2adDWw1Turojl9IFsANJLmfBrm:MFSr45mh9hrl4roZ9IaBrm
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  3068   3056          WerFault.exe    14
Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid    Process                                 procid_target
  PID 3056 wrote to memory of 3068   3056   19785e9fc3fcaf015fe9700a9f5c78b1.exe    23
  PID 3056 wrote to memory of 3068   3056   19785e9fc3fcaf015fe9700a9f5c78b1.exe    23
  PID 3056 wrote to memory of 3068   3056   19785e9fc3fcaf015fe9700a9f5c78b1.exe    23
  PID 3056 wrote to memory of 3068   3056   19785e9fc3fcaf015fe9700a9f5c78b1.exe    23
Processes
1. C:\Users\Admin\AppData\Local\Temp\19785e9fc3fcaf015fe9700a9f5c78b1.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\19785e9fc3fcaf015fe9700a9f5c78b1.exe"
   Signature: Suspicious use of WriteProcessMemory
   PID: 3056
2. C:\Windows\SysWOW64\WerFault.exe
   Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 116
   Signature: Program crash
   PID: 3068