Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 11/03/2024, 04:22
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: bfd54f7580601a600961a0175a8748e8.exe
Resource: win7-20240221-en
2 signatures, 150 seconds
Behavioral task
behavioral2
Sample: bfd54f7580601a600961a0175a8748e8.exe
Resource: win10v2004-20240226-en
1 signatures, 150 seconds
General
Target: bfd54f7580601a600961a0175a8748e8.exe
Size: 9KB
MD5: bfd54f7580601a600961a0175a8748e8
SHA1: 6c1e7d33cd0c95f786264942f9b2ab101ba47fa3
SHA256: 3657399e863dce379e4038d813d9234d6844fe2671538980eca8e55dbd8c2b2d
SHA512: dfb8eb1188198bc3e599db0f4af84ced44116e4ea1a57e89d7c039401246477ba31f962d1cac83be335346457c0d166935996e154a5d1f37dc953f1ad210e456
SSDEEP: 192:FBksuHDUSOV2oJyeMZZ3f93VnjdwCzT3YGaHzEE:oCyeMJFnhwC3IGaHI
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 2056 | bfd54f7580601a600961a0175a8748e8.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2056 wrote to memory of 2700 | 2056 | bfd54f7580601a600961a0175a8748e8.exe | 28
PID 2056 wrote to memory of 2700 | 2056 | bfd54f7580601a600961a0175a8748e8.exe | 28
PID 2056 wrote to memory of 2700 | 2056 | bfd54f7580601a600961a0175a8748e8.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\bfd54f7580601a600961a0175a8748e8.exe
"C:\Users\Admin\AppData\Local\Temp\bfd54f7580601a600961a0175a8748e8.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 2056
  C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2056 -s 888
  PID: 2700