Analysis
- max time kernel: 118s
- max time network: 138s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 04/01/2024, 09:34
Static task
- static1: 1 signatures
Behavioral task
- behavioral1: Sample 4081e6a4f1da17d09231f124428bee10.exe, Resource win7-20231215-en, 2 signatures, 150 seconds
Behavioral task
- behavioral2: Sample 4081e6a4f1da17d09231f124428bee10.exe, Resource win10v2004-20231215-en, 2 signatures, 150 seconds
General
-
Target
4081e6a4f1da17d09231f124428bee10.exe
-
Size
87KB
-
MD5
4081e6a4f1da17d09231f124428bee10
-
SHA1
2dfe391211be7c2b86640795955969bb759e4ad4
-
SHA256
46f5c680eafb00a1ccce4f1e2c92d62fe833feb73fe25adc51cb0b8fc121e129
-
SHA512
750c4805615aff601318e88e77e047e43d621c9d4bfe2c0446164fd78bfa084b854596fd76c10cb2effecf77a4d070299554d4a7a4c366cf1e0210ac8db9bcc7
-
SSDEEP
1536:dfiii1yEb2jwUJFmhnKBxTaPETB8ZXLP45rO0ZOWpjVrs2ryrd1vUQuq5Eer/:Oyw/UJFmYxOcTBwr4bZDHs2qj7/
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 2692, pid_target: 2580, Process: WerFault.exe, procid_target: 24
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2580 wrote to memory of 2692, pid: 2580, Process: 4081e6a4f1da17d09231f124428bee10.exe, procid_target: 30
  description: PID 2580 wrote to memory of 2692, pid: 2580, Process: 4081e6a4f1da17d09231f124428bee10.exe, procid_target: 30
  description: PID 2580 wrote to memory of 2692, pid: 2580, Process: 4081e6a4f1da17d09231f124428bee10.exe, procid_target: 30
  description: PID 2580 wrote to memory of 2692, pid: 2580, Process: 4081e6a4f1da17d09231f124428bee10.exe, procid_target: 30
Processes
- C:\Users\Admin\AppData\Local\Temp\4081e6a4f1da17d09231f124428bee10.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4081e6a4f1da17d09231f124428bee10.exe"
  Signature: Suspicious use of WriteProcessMemory
  PID: 2580
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 36
    Signature: Program crash
    PID: 2692