Analysis
max time kernel: 118s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 22/02/2024, 18:36
Static task: static1

Behavioral task: behavioral1
Sample: MinecraftInstaller.exe
Resource: win7-20240221-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: MinecraftInstaller.exe
Resource: win10v2004-20240221-en
8 signatures
150 seconds
General
Target: MinecraftInstaller.exe
Size: 32.3MB
MD5: cfd9316537bf9aebd4c98e4939085948
SHA1: 2b2e14d098308c0204ab57f4c6abfb230ae19762
SHA256: 9c00e8dd5a6c9a8d22a4ae2e5a8bdeecf73b7ba6dbe12e787e5e8bf9bbb0c1c9
SHA512: cb9fd36106b915811bcfaaa4359ac2cdd8caad562f4954b9cc21b09b60111c0fb3d2ce06714d0de5339ca7fd62cc658c494b873f4a7062e309746e6a92552975
SSDEEP: 393216:kbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9y5:/Zn/G4Gqk1cWe2iTVCMue3X
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target    Process         procid_target
3020   2220          WerFault.exe    27

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description                pid    Process
Token: SeDebugPrivilege    2220   MinecraftInstaller.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                         pid    Process                   procid_target
PID 2220 wrote to memory of 3020    2220   MinecraftInstaller.exe    28
PID 2220 wrote to memory of 3020    2220   MinecraftInstaller.exe    28
PID 2220 wrote to memory of 3020    2220   MinecraftInstaller.exe    28
PID 2220 wrote to memory of 3020    2220   MinecraftInstaller.exe    28
Processes
C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"
  PID: 2220
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 1116
    PID: 3020
    - Program crash