Analysis
- max time kernel: 142s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25/02/2024, 13:10
Static task
- static1
- 1 signatures

Behavioral task
- behavioral1
- Sample: a3de66b09996c0853b39a65906f7c587.exe
- Resource: win7-20240221-en
- 2 signatures
- 150 seconds

Behavioral task
- behavioral2
- Sample: a3de66b09996c0853b39a65906f7c587.exe
- Resource: win10v2004-20240221-en
- 1 signatures
- 150 seconds
General
- Target: a3de66b09996c0853b39a65906f7c587.exe
- Size: 59KB
- MD5: a3de66b09996c0853b39a65906f7c587
- SHA1: c676492ef3c61715765556744619a5f7270eb900
- SHA256: 082cd5209ef1fecf25b394561f07ee65d40379ad7b33f97bae8d16ddac11b873
- SHA512: 1a1661058676841d87a971ee270053f59b23dab70ef15b8dcf4e3ed08d129160a9f56e62f3720f64b9de9995c85a42a0346433704ca48781e469cab8cd2c47be
- SSDEEP: 1536:8eOvwAG2gP4hqhaCPJSINmCg2gQ1thlism:8eOvw91hZJSARPht/ism
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)

| pid | pid_target | Process |
| --- | --- | --- |
| 1624 | 2456 | WerFault.exe |

- Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2456 wrote to memory of 1624 | 2456 | a3de66b09996c0853b39a65906f7c587.exe | 1 |
| PID 2456 wrote to memory of 1624 | 2456 | a3de66b09996c0853b39a65906f7c587.exe | 1 |
| PID 2456 wrote to memory of 1624 | 2456 | a3de66b09996c0853b39a65906f7c587.exe | 1 |
| PID 2456 wrote to memory of 1624 | 2456 | a3de66b09996c0853b39a65906f7c587.exe | 1 |
Processes
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 361⤵
  - Program crash
  PID: 1624
- C:\Users\Admin\AppData\Local\Temp\a3de66b09996c0853b39a65906f7c587.exe
  "C:\Users\Admin\AppData\Local\Temp\a3de66b09996c0853b39a65906f7c587.exe"1⤵
  - Suspicious use of WriteProcessMemory
  PID: 2456