Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 08/01/2024, 22:33
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 4ca010fb899a6fdbd37971146304201d.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: 4ca010fb899a6fdbd37971146304201d.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 4ca010fb899a6fdbd37971146304201d.exe
Size: 9KB
MD5: 4ca010fb899a6fdbd37971146304201d
SHA1: eec405324e1f30b47d07ebd9971d9869fa8ecd6f
SHA256: ececb5d9a7a83abf153c9c9caf93b0659fc8b2bb317feaa1e678f98d9f36ebc3
SHA512: 9c1ebcfceceebd96551923387a61cdc4f3399e3a0e9da80beaba3e33dafe1ae1cc24fb8c44ce9d5a00ad9bc4cc5a11288df675729f932216f7a40f195ce54d33
SSDEEP: 192:GBksurEXVwVWweMZZ3V93VnjdwCz53riV:yVwoweM3FnhwClG
Score
1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1904 | 4ca010fb899a6fdbd37971146304201d.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1904 wrote to memory of 2976 | 1904 | 4ca010fb899a6fdbd37971146304201d.exe | 28
PID 1904 wrote to memory of 2976 | 1904 | 4ca010fb899a6fdbd37971146304201d.exe | 28
PID 1904 wrote to memory of 2976 | 1904 | 4ca010fb899a6fdbd37971146304201d.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\4ca010fb899a6fdbd37971146304201d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4ca010fb899a6fdbd37971146304201d.exe"
  PID: 1904
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1904 -s 892
    PID: 2976