Analysis
max time kernel: 140s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 20/03/2024, 02:38
Static task
static1: 1 signature

Behavioral task
behavioral1
Sample: d7acd0ace8c9c4edc021724d6acc9d8d.exe
Resource: win7-20240221-en
3 signatures
150 seconds

Behavioral task
behavioral2
Sample: d7acd0ace8c9c4edc021724d6acc9d8d.exe
Resource: win10v2004-20240226-en
2 signatures
150 seconds
General
Target: d7acd0ace8c9c4edc021724d6acc9d8d.exe
Size: 96KB
MD5: d7acd0ace8c9c4edc021724d6acc9d8d
SHA1: 96b7b214b8eaeb0fc71bc34d4ee1f86989021d93
SHA256: a6f3385452c3e02cf67a6308113c7501ed40ad71e6009cd319c8e4689617e68a
SHA512: 4ca36dde4137e4216d80f50d5aac60b6c36866c6d84918874f61b608ac57ffdef5b3971507ed8d0190ebb72beb224146984e27fb6416971b2f35f9934b51e6f5
SSDEEP: 1536:dtjtioHWCnCjXY7WpATNYxluOBchSWSNtNE/uWY4njnB5:dxT23jXpw8lpWSNA//ZnX
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid: 2696, pid_target: 2128, Process: WerFault.exe, procid_target: 27

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description: PID 2128 wrote to memory of 2696, pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe, procid_target: 28
description: PID 2128 wrote to memory of 2696, pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe, procid_target: 28
description: PID 2128 wrote to memory of 2696, pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe, procid_target: 28
description: PID 2128 wrote to memory of 2696, pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe, procid_target: 28
description: PID 2128 wrote to memory of 2696, pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe, procid_target: 28
description: PID 2128 wrote to memory of 2696, pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe, procid_target: 28
description: PID 2128 wrote to memory of 2696, pid: 2128, Process: d7acd0ace8c9c4edc021724d6acc9d8d.exe, procid_target: 28
Processes

C:\Users\Admin\AppData\Local\Temp\d7acd0ace8c9c4edc021724d6acc9d8d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d7acd0ace8c9c4edc021724d6acc9d8d.exe"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID: 2128

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 308
    - Program crash
    PID: 2696