Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

WinDS PRO ...28.exe

windows7-x64

WinDS PRO ...28.exe

windows10-2004-x64

7

Resubmissions

04/05/2023, 05:22

230504-f2te5aaa74 7

04/05/2023, 05:09

230504-fs7w6abh8z 7

Analysis

  • max time kernel
    1802s
  • max time network
    1591s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    04/05/2023, 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinDS PRO 2023.04.28.exe

  • Size

    979.1MB

  • MD5

    6e7240f5295073d157f48f2b986382d8

  • SHA1

    988054e1e1c29a947afce9bf474202c0996d9d6c

  • SHA256

    d25466fc0950a205805ddd857199594b83ba1cfbb9b02bfe558514ed2bfe1fdd

  • SHA512

    ff0f71e9f10601b50d1a84a1cc28de70ce41d48407d41fdf30cdfb05c1f2e47ae4d53b71c92baac45bb4139d8bdb070121d030eff90cad9cc5d213e7d2f735dc

  • SSDEEP

    25165824:u1M1OD4vSVI1liBgGjUzaYAYi0Ca8K3Of/XJSP0BJJp1:AyOQ1HGYaYZC4MXJSP0BJJp1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinDS PRO 2023.04.28.exe
    "C:\Users\Admin\AppData\Local\Temp\WinDS PRO 2023.04.28.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Users\Admin\AppData\Local\Temp\is-9832F.tmp\WinDS PRO 2023.04.28.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9832F.tmp\WinDS PRO 2023.04.28.tmp" /SL5="$90036,1025264036,832000,C:\Users\Admin\AppData\Local\Temp\WinDS PRO 2023.04.28.exe"
      2⤵
      • Executes dropped EXE
      PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9832F.tmp\WinDS PRO 2023.04.28.tmp
    Filesize

    3.0MB

    MD5

    92ef60f6ce55807abbbf31a3c3c6e860

    SHA1

    d93caee05299277e1521056292c131ca22ae8168

    SHA256

    4fb5b851bc000ed92319c7f849fce330f0ef23be2322674f50549222d292cc54

    SHA512

    12f7078e1476eaac6360c09dcb23628305607005cd17fdbad76dbdd05b705d74db53dfdf6ebbea6638dad420de43f341458e7952459377aaac8ea893d104a180

    Download Submit

  • memory/1400-133-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/1400-139-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2896-138-0x0000000000A20000-0x0000000000A21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-140-0x0000000000400000-0x0000000000712000-memory.dmp

    Filesize

    3.1MB

    Download