Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 08/01/2024, 11:03
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 4b42472b8cf5fcb701d900f528184a4a.exe
- Resource: win7-20231129-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 4b42472b8cf5fcb701d900f528184a4a.exe
- Resource: win10v2004-20231222-en
- 1 signatures
- 150 seconds
General
- Target: 4b42472b8cf5fcb701d900f528184a4a.exe
- Size: 25KB
- MD5: 4b42472b8cf5fcb701d900f528184a4a
- SHA1: 054999c04626f1410daac35b01a4bb9761b902d9
- SHA256: 5b85cc671bf9fd54f27ed9da34f0e3a701acf0fd0e5e359e1ebbbb6dd881355f
- SHA512: 404eff358150b79064b0a95a06ba5c573aecf46aefc2f9e00c3d3c6b20bbf2128e9ab7bc65ec3e66c62dab1184fcda92b29af1b77ea655e1c2a9b6025760ca5d
- SSDEEP: 384:Qne6DFTEKoP0CUZNPzk2haZxCoJKbjVFFuXhhImRYGMaqfRWp7lZTtaUsNhjmet3:wvpE/PS9Q2hEobFF2hkPrM7lXcZt3

Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)

pid    pid_target    Process         procid_target
2936   2924          WerFault.exe    14

Suspicious use of WriteProcessMemory (4 IoCs)

description                           pid    Process                                 procid_target
PID 2924 wrote to memory of 2936      2924   4b42472b8cf5fcb701d900f528184a4a.exe    15
PID 2924 wrote to memory of 2936      2924   4b42472b8cf5fcb701d900f528184a4a.exe    15
PID 2924 wrote to memory of 2936      2924   4b42472b8cf5fcb701d900f528184a4a.exe    15
PID 2924 wrote to memory of 2936      2924   4b42472b8cf5fcb701d900f528184a4a.exe    15
Processes
- C:\Users\Admin\AppData\Local\Temp\4b42472b8cf5fcb701d900f528184a4a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4b42472b8cf5fcb701d900f528184a4a.exe"
  PID: 2924
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 116
    PID: 2936
    Signature: Program crash