Analysis
- max time kernel: 110s
- max time network: 21s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 23/07/2024, 20:53
Behavioral task: behavioral1
- Sample: 09035ec9d551214692cda6c4de796e90N.exe
- Resource: win7-20240705-en
- 2 signatures
- 120 seconds
Behavioral task: behavioral2
- Sample: 09035ec9d551214692cda6c4de796e90N.exe
- Resource: win10v2004-20240709-en
- 1 signatures
- 120 seconds
General
- Target: 09035ec9d551214692cda6c4de796e90N.exe
- Size: 653KB
- MD5: 09035ec9d551214692cda6c4de796e90
- SHA1: 5fe5fa5fa3e5ed3aeac9eacad09c26571821015b
- SHA256: 08f4158081aa195d773f0caa8a2518f8936d8c66a825902a588808a00f86fab6
- SHA512: 32272f1e515087630c27df5e02ece3cbc83b897f4b98ad8083af53efd3fd9fe36dc635aaabce9b09251bd0305a5d83f980893ee0ef22151c0655290d6c5304b8
- SSDEEP: 12288:Q3ggq6MaimNk28Rz17yJRJLyt2BDyE7TNW9yyfA5KW7/il+MRjWAehRk+S:j7vmp8Rz1GJR8AB+Is9yvr7/jkT
- Score: 7/10
Malware Config
Signatures
resource | yara_rule
behavioral1/memory/2156-0-0x000000013FE10000-0x0000000140232000-memory.dmp | upx
behavioral1/memory/2156-2-0x000000013FE10000-0x0000000140232000-memory.dmp | upx

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2156 wrote to memory of 2664 | 2156 | 09035ec9d551214692cda6c4de796e90N.exe | 31
PID 2156 wrote to memory of 2664 | 2156 | 09035ec9d551214692cda6c4de796e90N.exe | 31
PID 2156 wrote to memory of 2664 | 2156 | 09035ec9d551214692cda6c4de796e90N.exe | 31
Processes
- C:\Users\Admin\AppData\Local\Temp\09035ec9d551214692cda6c4de796e90N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\09035ec9d551214692cda6c4de796e90N.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 2156
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2156 -s 84
    - PID: 2664