Analysis
- max time kernel: 16s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 16/07/2024, 09:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a23e4328d9122a8f6dbec91e57cce720N.exe
Resource
win7-20240705-en
2 signatures
120 seconds
Behavioral task
behavioral2
Sample
a23e4328d9122a8f6dbec91e57cce720N.exe
Resource
win10v2004-20240709-en
1 signatures
120 seconds
General
- Target: a23e4328d9122a8f6dbec91e57cce720N.exe
- Size: 144KB
- MD5: a23e4328d9122a8f6dbec91e57cce720
- SHA1: 2edd086c19613ec08f6eadece3bdb1d158b6a8c8
- SHA256: f622aeadf1f5e803c8a378adcc28595e62190f7295b3c97586542e96daa13ba9
- SHA512: 23f7a98f4badb79a3e69dcf659404fbb3adbee2566e92c2587394482f3a774ea66f4e5b6086fc8b02666fc94e61d97a80c4235086fd8b6de6aac7357bddc98e6
- SSDEEP: 3072:zqR4TLJf/bqLk6zV638aWBwJUiNzQQIdfy8O/31LDOKmCkB0HmRcayz:zX3JfDOkyV638vwJUiNzQzNy8OtX2Lmf
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 2636, pid_target: 2040, Process: WerFault.exe, procid_target: 29
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2040 wrote to memory of 2636, pid: 2040, Process: a23e4328d9122a8f6dbec91e57cce720N.exe, procid_target: 30
  description: PID 2040 wrote to memory of 2636, pid: 2040, Process: a23e4328d9122a8f6dbec91e57cce720N.exe, procid_target: 30
  description: PID 2040 wrote to memory of 2636, pid: 2040, Process: a23e4328d9122a8f6dbec91e57cce720N.exe, procid_target: 30
  description: PID 2040 wrote to memory of 2636, pid: 2040, Process: a23e4328d9122a8f6dbec91e57cce720N.exe, procid_target: 30
Processes
- C:\Users\Admin\AppData\Local\Temp\a23e4328d9122a8f6dbec91e57cce720N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a23e4328d9122a8f6dbec91e57cce720N.exe"
  Signature: Suspicious use of WriteProcessMemory
  PID: 2040
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 36
    Signature: Program crash
    PID: 2636