Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 30s
max time network: 19s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/01/2024, 22:17
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: EraFn_1.exe
  Resource: win7-20231215-en
  5 signatures, 30 seconds
Behavioral task: behavioral2
  Sample: EraFn_1.exe
  Resource: win10v2004-20231215-en
  1 signature, 30 seconds
General
Target: EraFn_1.exe
Size: 85KB
MD5: 03d95e6635b58c29aac763af2c438672
SHA1: 799ad513ef379aa9d1266f12e1ab80a7b46dcb2d
SHA256: 719fb87279e6e34b87927d9371094a34371195cf890205e529c12368183a745f
SHA512: 863da47ee713fd0a1452a5985fb741f0c4be937703bfa5201cfb8d86eded07bcbe5725846ce708def4e25b6dc2bf646b432ac06b5df4e6935d76ca3c88ffae6c
SSDEEP: 1536:Wbk4bSMPrphSHSFXseDG7g14B185bh6hHX5Ou/JeeK2J:abKHSFXtGg8s6hHXl/JeeK2J
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (19 IoCs)
  pid 1656, taskmgr.exe (19 occurrences)
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 1656, taskmgr.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeTakeOwnershipPrivilege, pid 1208, EraFn_1.exe
  Token: SeDebugPrivilege, pid 1656, taskmgr.exe
- Suspicious use of FindShellTrayWindow (31 IoCs)
  pid 1656, taskmgr.exe (31 occurrences)
- Suspicious use of SendNotifyMessage (31 IoCs)
  pid 1656, taskmgr.exe (31 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\EraFn_1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\EraFn_1.exe"
  Tree depth: 1
  PID: 1208
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Tree depth: 1
  PID: 1656
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage