Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 03:57
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 272a9670400763fe1bfec8ff2a5d88cc.exe
Resource: win7-20231129-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample: 272a9670400763fe1bfec8ff2a5d88cc.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 272a9670400763fe1bfec8ff2a5d88cc.exe
Size: 1.1MB
MD5: 272a9670400763fe1bfec8ff2a5d88cc
SHA1: 7281a82d64cf839a6b126eb52838be9a769144ca
SHA256: 23e0ec52cef9d815cd340961ffb849da560015c937cb09557018f3f94c4ee5de
SHA512: 0e5cbe2accda0ffc2cb2477c37f77388923ae6e372fb065c538daba0f4bf4ac837d9d285e46494392714da05788d4e9f6eb3dc0a72c80baeac2161419ce8722f
SSDEEP: 24576:gLeuHxK/ozmG72SLv6Oli7toctKL83ndslnY9mhLD4C:gqcU/ozmQ2SLv6Oli7mctMIdshY9mhoC
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid     pid_target   Process
  2328    2364         WerFault.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                         pid     Process                                 procid_target
  PID 2364 wrote to memory of 2328    2364    272a9670400763fe1bfec8ff2a5d88cc.exe    16
  PID 2364 wrote to memory of 2328    2364    272a9670400763fe1bfec8ff2a5d88cc.exe    16
  PID 2364 wrote to memory of 2328    2364    272a9670400763fe1bfec8ff2a5d88cc.exe    16
  PID 2364 wrote to memory of 2328    2364    272a9670400763fe1bfec8ff2a5d88cc.exe    16
Processes
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 152
  Signature: Program crash
  PID: 2328
C:\Users\Admin\AppData\Local\Temp\272a9670400763fe1bfec8ff2a5d88cc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\272a9670400763fe1bfec8ff2a5d88cc.exe"
  Signature: Suspicious use of WriteProcessMemory
  PID: 2364