Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 14/03/2024, 07:20
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: CATALOG LISTsxlx..exe
- Resource: win7-20231129-en
- 2 signatures
- 150 seconds
General
- Target: CATALOG LISTsxlx..exe
- Size: 616KB
- MD5: 4390e4862c4906c8a2f35366ba4066d9
- SHA1: 4688330403611320e6d37dbc54e2327e47b2fe0e
- SHA256: 8cece70bbfdfe1792ec9e1c3be822369aaee57680ea0bc78bd8dc37d07e43fc0
- SHA512: 882faa9f80c507b9cb8d2e595893f78dc7a72e1b74c951a3a19d1db6d6682b3b544f74902b946c1a4e6f807cb8c54192366cce5eb360f79ba55da99b940c7d75
- SSDEEP: 12288:ofiw8MkxswcXKC2zNWfm2YRm5sm2YRm5hkxswcXKC2zNW:gD8MZX9uWfm2Yysm2YyhZX9uW
Score
1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2136 | CATALOG LISTsxlx..exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2136 wrote to memory of 2648 | 2136 | CATALOG LISTsxlx..exe | 28
  PID 2136 wrote to memory of 2648 | 2136 | CATALOG LISTsxlx..exe | 28
  PID 2136 wrote to memory of 2648 | 2136 | CATALOG LISTsxlx..exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\CATALOG LISTsxlx..exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\CATALOG LISTsxlx..exe"
  PID: 2136
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2136 -s 1604
    PID: 2648