Analysis
max time kernel: 141s
max time network: 133s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 07/01/2024, 09:23
Static task
static1
Signatures: 1

Behavioral task
behavioral1
Sample: 489b0f927ac2da5549f88a660836eacf.exe
Resource: win7-20231215-en
Signatures: 2
Duration: 150 seconds

Behavioral task
behavioral2
Sample: 489b0f927ac2da5549f88a660836eacf.exe
Resource: win10v2004-20231215-en
Signatures: 0
Duration: 150 seconds
General
Target: 489b0f927ac2da5549f88a660836eacf.exe
Size: 38KB
MD5: 489b0f927ac2da5549f88a660836eacf
SHA1: ff5be76775fe0c556ef6bafb0a8de8c6c10a0289
SHA256: 7f5cf9dc1120c6c03ca1f26c9704e27d5f8445b3bb5af15cacc1e89675af8805
SHA512: 5d00f9d7d7aa7dd7696a5959f9f1bd9612296fb56e968cc2d3b86b09f0f66c3a9ec22fd2bf345e6cafb7c42be1dd1fe4535cf926b8bc565150f9d9d117dacad4
SSDEEP: 768:6dZV0MxT1hmsDaVE483TnugERRr+s5JeeWv3oWo689T3Azsi/V3QEiWdh24A:IZ1xT1pDrzArt5JeemN6DAzsimEi8ER
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2496 | 1876 | WerFault.exe | 23

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1876 wrote to memory of 2496 | 1876 | 489b0f927ac2da5549f88a660836eacf.exe | 28
PID 1876 wrote to memory of 2496 | 1876 | 489b0f927ac2da5549f88a660836eacf.exe | 28
PID 1876 wrote to memory of 2496 | 1876 | 489b0f927ac2da5549f88a660836eacf.exe | 28
PID 1876 wrote to memory of 2496 | 1876 | 489b0f927ac2da5549f88a660836eacf.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\489b0f927ac2da5549f88a660836eacf.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\489b0f927ac2da5549f88a660836eacf.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1876
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 88
    - Program crash
    PID: 2496