Analysis
max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 04/01/2024, 20:11
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 41cd816b2b887f328f3adcdaa374bdf8.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 41cd816b2b887f328f3adcdaa374bdf8.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 41cd816b2b887f328f3adcdaa374bdf8.exe
Size: 126KB
MD5: 41cd816b2b887f328f3adcdaa374bdf8
SHA1: 2fd282e39ea3a4c4643e00ae81cd49b84c89dac6
SHA256: e0c22e4dbe66e76dc2dc2808c44dd3d8a3cab4092b2d088c92b2332ea5e8d71f
SHA512: 8e5aec6c5757ea44ec19fd04c9e2e36563512ea5839c6c8f956a3c099a71cada14bf13fb3da41d1254ac8dc3303f9d80e0c4c6d332bbd0947deb228476fd123a
SSDEEP: 3072:sC3WdV21Cil4oKNYjnfYGe64ABbfo48mIIjEPlu:sp721Cxo4YjfmObJMyEPlu
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid    pid_target   Process        procid_target
2056   2872         WerFault.exe   13

Suspicious use of WriteProcessMemory (4 IoCs)
description                        pid    Process                                procid_target
PID 2872 wrote to memory of 2056   2872   41cd816b2b887f328f3adcdaa374bdf8.exe   20
PID 2872 wrote to memory of 2056   2872   41cd816b2b887f328f3adcdaa374bdf8.exe   20
PID 2872 wrote to memory of 2056   2872   41cd816b2b887f328f3adcdaa374bdf8.exe   20
PID 2872 wrote to memory of 2056   2872   41cd816b2b887f328f3adcdaa374bdf8.exe   20
Processes

C:\Users\Admin\AppData\Local\Temp\41cd816b2b887f328f3adcdaa374bdf8.exe
"C:\Users\Admin\AppData\Local\Temp\41cd816b2b887f328f3adcdaa374bdf8.exe"
- Suspicious use of WriteProcessMemory
PID: 2872

    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 36
    - Program crash
    PID: 2056