Analysis
max time kernel: 142s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 12:38
Behavioral task: behavioral1
Sample: 366be0741b23bcd47d1b005efde16d45.exe
Resource: win7-20231215-en
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: 366be0741b23bcd47d1b005efde16d45.exe
Resource: win10v2004-20231215-en
2 signatures
150 seconds
General
Target: 366be0741b23bcd47d1b005efde16d45.exe
Size: 8KB
MD5: 366be0741b23bcd47d1b005efde16d45
SHA1: 53c413cc84596a9df3684f3e1ed009cb974c1de3
SHA256: c67a55ab99426ce075acd5c150f3937244dcd759bd591210e219da7a62c025f1
SHA512: d535c30038600d255ffa4cb61648c5c14013e02e9a83209b804572eb58cb433ca3c440abb6f8c73754df7ed6599b57175823021f32ecabfb7474b747c84c1919
SSDEEP: 192:gjmNW/ZAUk1RO1E4DEhComMAkPaQKylkqJ92MV:0bk1EnDEEomMAkPJX3L2MV
Score: 7/10
Malware Config
Signatures
resource    yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x0000000000408000-memory.dmp    upx
behavioral1/memory/2080-1-0x0000000000400000-0x0000000000408000-memory.dmp    upx
Program crash 1 IoCs
pid    pid_target    Process    procid_target
2648    2080    WerFault.exe    6
Suspicious use of WriteProcessMemory 4 IoCs
description    pid    Process    procid_target
PID 2080 wrote to memory of 2648    2080    366be0741b23bcd47d1b005efde16d45.exe    16
PID 2080 wrote to memory of 2648    2080    366be0741b23bcd47d1b005efde16d45.exe    16
PID 2080 wrote to memory of 2648    2080    366be0741b23bcd47d1b005efde16d45.exe    16
PID 2080 wrote to memory of 2648    2080    366be0741b23bcd47d1b005efde16d45.exe    16
Processes
C:\Users\Admin\AppData\Local\Temp\366be0741b23bcd47d1b005efde16d45.exe
  "C:\Users\Admin\AppData\Local\Temp\366be0741b23bcd47d1b005efde16d45.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2080
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 140
      - Program crash
      PID: 2648