Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 12/03/2024, 19:19
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: c4285b973902e9d77e8e73712aaed091.exe
Resource: win7-20240215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample: c4285b973902e9d77e8e73712aaed091.exe
Resource: win10v2004-20240226-en
0 signatures
150 seconds
General
Target: c4285b973902e9d77e8e73712aaed091.exe
Size: 6KB
MD5: c4285b973902e9d77e8e73712aaed091
SHA1: 478daac7f4b32f40344c60efde051f36861001a1
SHA256: 71a40b350b4dc325a4023ba9bd0be3fb387679bdd2b45b82e89b9eb6b180becc
SHA512: e817a634a2c74b9063119c679d2fb024e9fa413a9177061f248fb4eb580c6f9324a0eebaa5f5a600cd7b29521f5099de388129387e8bc16a6925beba933c901f
SSDEEP: 48:SRbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9u6O:Y0mIGnFc/38+N4ZHJWSY9FI5Wqbx
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1600 wrote to memory of 1920 | 1600 | c4285b973902e9d77e8e73712aaed091.exe | 28
PID 1600 wrote to memory of 1920 | 1600 | c4285b973902e9d77e8e73712aaed091.exe | 28
PID 1600 wrote to memory of 1920 | 1600 | c4285b973902e9d77e8e73712aaed091.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\c4285b973902e9d77e8e73712aaed091.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c4285b973902e9d77e8e73712aaed091.exe"
  PID: 1600
  - Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1600 -s 32
    PID: 1920