Analysis
max time kernel: 141s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27/02/2024, 17:24
Behavioral task: behavioral1
Sample: a9bc784d21742e90c8127d35754fda47.exe
Resource: win7-20240221-en
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: a9bc784d21742e90c8127d35754fda47.exe
Resource: win10v2004-20240226-en
2 signatures, 150 seconds
General
Target: a9bc784d21742e90c8127d35754fda47.exe
Size: 1.3MB
MD5: a9bc784d21742e90c8127d35754fda47
SHA1: 53c24b8ee8d8f3f4aecd2e87225a0690689a3744
SHA256: 7920d332c21e77266318ef62494dd7217d1249a620c7009fc6e6ebc863621a1a
SHA512: c102faf6636dd6ae98f162d489540331b47f7fa61c04ed8e52154bf54421af5216083757fa2646239e8ac5a180de9954a5b40d8ae77f80ae6610e0268e257923
SSDEEP: 24576:d3CSoKiMcPfcyAdFR69feE8jZ7H5W0ca6u9cPPjBsk6EtfmK3ZogvG:duPKFs9P8jW0cJu2dss1mK
Score: 7/10
Malware Config
Signatures
- resource: behavioral1/memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp, yara_rule: upx
- resource: behavioral1/memory/2936-1-0x0000000000400000-0x000000000086A000-memory.dmp, yara_rule: upx
Program crash (1 IoCs)
- pid: 2012, pid_target: 2936, Process: WerFault.exe, procid_target: 27
Suspicious use of WriteProcessMemory (4 IoCs)
- description: PID 2936 wrote to memory of 2012, pid: 2936, Process: a9bc784d21742e90c8127d35754fda47.exe, procid_target: 28
- description: PID 2936 wrote to memory of 2012, pid: 2936, Process: a9bc784d21742e90c8127d35754fda47.exe, procid_target: 28
- description: PID 2936 wrote to memory of 2012, pid: 2936, Process: a9bc784d21742e90c8127d35754fda47.exe, procid_target: 28
- description: PID 2936 wrote to memory of 2012, pid: 2936, Process: a9bc784d21742e90c8127d35754fda47.exe, procid_target: 28
Processes
C:\Users\Admin\AppData\Local\Temp\a9bc784d21742e90c8127d35754fda47.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a9bc784d21742e90c8127d35754fda47.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2936
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 36
    - Program crash
    PID: 2012