Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

vs_update_...10.exe

windows7-x64

8

vs_update_...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vs_update_win-x64_1.19.0-pre.10.exe

  • Size

    87.5MB

  • MD5

    72e397f6cae84f0aa70b2f63c7e774d9

  • SHA1

    bcf9b398a16e945027d2b165b5328cc43abc76d4

  • SHA256

    1f1701651fec90b7c4961c8a3c685603148aef11863aa27e7a88c5d927473383

  • SHA512

    366ee828069aa20bf7e692ad6a588edca9c60555d31d25176377301d720451748a6f555798f2edc349ebe8214c863c01b3301cec6d146cb4df56e5a9c03a2cd3

  • SSDEEP

    1572864:y1GcaoA8M/lqHzXbISFM0gYOEKulLozrCd6YIYLwZyibG6sKkvk1fWySz:6moA8GqASCGOXu8JwUyuG6cs1fPSz

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vs_update_win-x64_1.19.0-pre.10.exe
    "C:\Users\Admin\AppData\Local\Temp\vs_update_win-x64_1.19.0-pre.10.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Users\Admin\AppData\Local\Temp\is-IH35D.tmp\vs_update_win-x64_1.19.0-pre.10.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-IH35D.tmp\vs_update_win-x64_1.19.0-pre.10.tmp" /SL5="$60262,90406711,983040,C:\Users\Admin\AppData\Local\Temp\vs_update_win-x64_1.19.0-pre.10.exe"
      2⤵
      • Executes dropped EXE
      PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-IH35D.tmp\vs_update_win-x64_1.19.0-pre.10.tmp
    Filesize

    3.2MB

    MD5

    e61945d6fc27561190dfa8f220ba86f3

    SHA1

    a9d0645e82830a2a150cde87d73d83d4f67d75a8

    SHA256

    6871dd1e729f60271936c92a1a1040176f0b133913c1d0d74492e4caa7d6d1ab

    SHA512

    64e69efe1eb55548a8527d258e0b91c2671416227d9ca9acfa949978f16c6d5a478e782ccf4cc249a12efd0d065c8b0117db9450f5569232536ef232641fb23d

    Download Submit

  • memory/832-0-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/832-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/832-8-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/4608-6-0x0000000000400000-0x0000000000739000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4608-9-0x0000000000400000-0x0000000000739000-memory.dmp

    Filesize

    3.2MB

    Download