Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 22:33

General

  • Target

    4ca010fb899a6fdbd37971146304201d.exe

  • Size

    9KB

  • MD5

    4ca010fb899a6fdbd37971146304201d

  • SHA1

    eec405324e1f30b47d07ebd9971d9869fa8ecd6f

  • SHA256

    ececb5d9a7a83abf153c9c9caf93b0659fc8b2bb317feaa1e678f98d9f36ebc3

  • SHA512

    9c1ebcfceceebd96551923387a61cdc4f3399e3a0e9da80beaba3e33dafe1ae1cc24fb8c44ce9d5a00ad9bc4cc5a11288df675729f932216f7a40f195ce54d33

  • SSDEEP

    192:GBksurEXVwVWweMZZ3V93VnjdwCz53riV:yVwoweM3FnhwClG

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ca010fb899a6fdbd37971146304201d.exe
    "C:\Users\Admin\AppData\Local\Temp\4ca010fb899a6fdbd37971146304201d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1904 -s 892
      2⤵
        PID:2976

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1904-0-0x00000000012E0000-0x00000000012E8000-memory.dmp

      Filesize

      32KB

    • memory/1904-1-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

      Filesize

      9.9MB

    • memory/1904-2-0x000000001B440000-0x000000001B4C0000-memory.dmp

      Filesize

      512KB

    • memory/1904-3-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

      Filesize

      9.9MB

    • memory/1904-4-0x000000001B440000-0x000000001B4C0000-memory.dmp

      Filesize

      512KB