Analysis
max time kernel: 117s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/01/2024, 09:00
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 76efeb694a4781b75e65c6900e34084d.exe
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 76efeb694a4781b75e65c6900e34084d.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 76efeb694a4781b75e65c6900e34084d.exe
Size: 42KB
MD5: 76efeb694a4781b75e65c6900e34084d
SHA1: 88ced53dc25a4b5e92f6942f9b67f70061e4f8cb
SHA256: 9cef9b7534589526fe5500c06b9d1391757b5f3b0d9c0fa0ba0748e23002a937
SHA512: 17c1bf6dcdd4dc77f0dc1a3eaa1a8e2bd8750ec55474e0c663012d261fe5cffba7829bc1ffe8638d8924282753eca2ddd515fd16bd378e0af598279d99ceae85
SSDEEP: 768:m3w3UNTmG7vbrl6i3mE6x3rbiZiyCM+CVkp1/3k:mgkNTJbESRyidv+Cab/3k
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid: 2016, pid_target: 3052, Process: WerFault.exe, procid_target: 16
Suspicious use of WriteProcessMemory (4 IoCs)
description: PID 3052 wrote to memory of 2016, pid: 3052, Process: 76efeb694a4781b75e65c6900e34084d.exe, procid_target: 28
description: PID 3052 wrote to memory of 2016, pid: 3052, Process: 76efeb694a4781b75e65c6900e34084d.exe, procid_target: 28
description: PID 3052 wrote to memory of 2016, pid: 3052, Process: 76efeb694a4781b75e65c6900e34084d.exe, procid_target: 28
description: PID 3052 wrote to memory of 2016, pid: 3052, Process: 76efeb694a4781b75e65c6900e34084d.exe, procid_target: 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\76efeb694a4781b75e65c6900e34084d.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\76efeb694a4781b75e65c6900e34084d.exe"
   - Suspicious use of WriteProcessMemory
   PID: 3052
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 88
      - Program crash
      PID: 2016