Analysis
max time kernel: 179s
max time network: 148s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 05:09
Behavioral task: behavioral1
Sample: 296f6ab9c1e74fd61df8b0a4dff7361a.exe
Resource: win7-20231215-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 296f6ab9c1e74fd61df8b0a4dff7361a.exe
Resource: win10v2004-20231215-en
2 signatures, 150 seconds
General
Target: 296f6ab9c1e74fd61df8b0a4dff7361a.exe
Size: 286KB
MD5: 296f6ab9c1e74fd61df8b0a4dff7361a
SHA1: ae9a3332eaff0ca17ef61b4b304d1a61e9c8e991
SHA256: c33a94e4a2db873c6c57508e2b30905c162d6ab1eeaf9560e843b7fb79cc4eb5
SHA512: 423e59aee191ac6e543c737f51c017a32f12d3eb5cc564c979b67a739b7190bb0aa2300e80e021b541dbecc093ab8801bb7f9cb1cd63efd0412f2581adaaad29
SSDEEP: 6144:GglaWr7/LNX32YooMkOY7QtnIOpehuQt+55+ryePZN0UNr:GTC7xH2YVnv7QFfpepY5+wUl
Score: 7/10
Malware Config
Signatures

resource: behavioral1/memory/2748-0-0x0000000000400000-0x00000000004F5000-memory.dmp
yara_rule: upx

Program crash (1 IoCs)
pid: 2712, pid_target: 2748, Process: WerFault.exe, procid_target: 14

Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 2748 wrote to memory of 2712, pid: 2748, Process: 296f6ab9c1e74fd61df8b0a4dff7361a.exe, procid_target: 29
description: PID 2748 wrote to memory of 2712, pid: 2748, Process: 296f6ab9c1e74fd61df8b0a4dff7361a.exe, procid_target: 29
description: PID 2748 wrote to memory of 2712, pid: 2748, Process: 296f6ab9c1e74fd61df8b0a4dff7361a.exe, procid_target: 29
description: PID 2748 wrote to memory of 2712, pid: 2748, Process: 296f6ab9c1e74fd61df8b0a4dff7361a.exe, procid_target: 29
Processes

C:\Users\Admin\AppData\Local\Temp\296f6ab9c1e74fd61df8b0a4dff7361a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\296f6ab9c1e74fd61df8b0a4dff7361a.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2748

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 48
    - Program crash
    PID: 2712