Analysis
- max time kernel: 90s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/01/2024, 22:33
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 7b751b12e1ba5957b750deee88c76556.exe
- Resource: win7-20231215-en
- 5 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 7b751b12e1ba5957b750deee88c76556.exe
- Resource: win10v2004-20231215-en
- 2 signatures
- 150 seconds
General
- Target: 7b751b12e1ba5957b750deee88c76556.exe
- Size: 297KB
- MD5: 7b751b12e1ba5957b750deee88c76556
- SHA1: c00cc6033fc686d60a8731f5f9fef47c9b9dd6e6
- SHA256: 88694f8e030e9d1ef06c16419ae18bd428c1e6907d191e20679f36734b2fe22b
- SHA512: f2f707e7268056c6107944b9cccca80925ed54551cb16308bc2f3b2f97f9cae4f18dbe65e7f8ee0fc5b2ecc608fe6e25efc51ed681c4e192dcc2bdb7ebf3507f
- SSDEEP: 6144:F2OO3dRD1tAJRn3EdJgq9RN/7581IWrAL7qHJKeQNCE:8VfDPenWJgqdTqI0AL7qEeQNCE
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  3284 | 3628 | WerFault.exe | 84
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3628 wrote to memory of 5028 | 3628 | 7b751b12e1ba5957b750deee88c76556.exe | 85
  PID 3628 wrote to memory of 5028 | 3628 | 7b751b12e1ba5957b750deee88c76556.exe | 85
  PID 3628 wrote to memory of 5028 | 3628 | 7b751b12e1ba5957b750deee88c76556.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\7b751b12e1ba5957b750deee88c76556.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7b751b12e1ba5957b750deee88c76556.exe"
  PID: 3628
  Signature: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\7b751b12e1ba5957b750deee88c76556.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7b751b12e1ba5957b750deee88c76556.exe"
    PID: 5028
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 504
    PID: 3284
    Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3628 -ip 3628
  PID: 4856