General

  • Target

    ZoomInstallerFull.exe

  • Size

    49.5MB

  • Sample

    220908-14bcjsgac5

  • MD5

    6babc6ddef111479db5fc82be92c6b0d

  • SHA1

    3d88263ea9f8dd19c2d0f9a72246ee1a33449050

  • SHA256

    2f73fb170e0ee9d1e0ea8788d0548a710a76a234fb5425898b07f496ac29e38d

  • SHA512

    7152beb75d6818165abb8497ef2625cbea6673319d04af7543c234eb8db551e48203dbfeed199561e1a9d27b5ef2ca30f968a3aa3c3cf8c031fb0acca04234da

  • SSDEEP

    1572864:AhgxAMoVxMtPKIPWD7AIlIoeGNjkpHQuAq7GdGB:AhqAPVOtkgwvkpHQuAvs

Score
10/10

Targets

    • Target

      ZoomInstallerFull.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
