Analysis
max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
05/01/2024, 06:20
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
42f8e347af3048b21b5cd24ca1e5a974.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
42f8e347af3048b21b5cd24ca1e5a974.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target
42f8e347af3048b21b5cd24ca1e5a974.exe
Size
8KB
MD5
42f8e347af3048b21b5cd24ca1e5a974
SHA1
965060b3f3f91ee977681bf7cc3206c529122b35
SHA256
f733b72d10d160b0dcfc5639cf954dfbd595b8d9ca7f4e4bb235639bae0c5082
SHA512
bd7a42cedc1b916549e223b49f5d179fbf28b4c04bfc90e8af09b1fa87d6aaeab739661cb18a95c171bbd02bc7fc674b91683b9287a930f3e774d75c8f1d8e9f
SSDEEP
24:OEhu70k1miZw4AUHqCC0vfQLLi5FyGq3MX81+dZ1FRdJdcBwAtAwJMLEZGABoUFM:OEP+mEofCmLyn5X8U5rXGBVBoO8cO
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
3048 | 3036 | WerFault.exe | 27
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3036 wrote to memory of 3048 | 3036 | 42f8e347af3048b21b5cd24ca1e5a974.exe | 28
PID 3036 wrote to memory of 3048 | 3036 | 42f8e347af3048b21b5cd24ca1e5a974.exe | 28
PID 3036 wrote to memory of 3048 | 3036 | 42f8e347af3048b21b5cd24ca1e5a974.exe | 28
PID 3036 wrote to memory of 3048 | 3036 | 42f8e347af3048b21b5cd24ca1e5a974.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\42f8e347af3048b21b5cd24ca1e5a974.exe
"C:\Users\Admin\AppData\Local\Temp\42f8e347af3048b21b5cd24ca1e5a974.exe"
- Suspicious use of WriteProcessMemory
PID: 3036
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 88
    - Program crash
    PID: 3048