Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

d6086041f6...92.exe

windows7-x64

8

d6086041f6...92.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    123s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92.exe

  • Size

    135KB

  • MD5

    a055f85742faf5058894c7b5096418e0

  • SHA1

    4c780c61456b6331be8c47c1f4c3be5e26313b69

  • SHA256

    d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92

  • SHA512

    2ac9dd47a50f033f45567c7aa0cb6055552896b0b562ff7439522fb2ec549b72c1ccc9e27b32e1a24b211cff255f5aed26d73e8e9c12be861b33ba8aa6a06ce9

  • SSDEEP

    3072:mcLXTpcvocFIALdm3vL52HBnXTmy5xEKJ9W8NRt:FLX1qoEd2v928DHERt

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92.exe
    "C:\Users\Admin\AppData\Local\Temp\d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4964
  • C:\PROGRA~3\Mozilla\znblaln.exe
    C:\PROGRA~3\Mozilla\znblaln.exe -irlyaih
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:5072

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\znblaln.exe
    Filesize

    135KB

    MD5

    458dd3bb9b87482bf903b477b27e88a5

    SHA1

    ad90cb0c8a36133902fb8d2011a49e13d64bd7cb

    SHA256

    314b8163c123bfa33fde855711909d938270adc55ca920d2066f6461c1a6917b

    SHA512

    b69edacc43490e57a6e6820f7dd8079a834440674167bba54a8c48668048659af52f2f912d8f4a7cc8a6c1b4674b8374976949fb2aa4b2fb56c47e9332eedfca

    Download Submit

  • C:\ProgramData\Mozilla\znblaln.exe
    Filesize

    135KB

    MD5

    458dd3bb9b87482bf903b477b27e88a5

    SHA1

    ad90cb0c8a36133902fb8d2011a49e13d64bd7cb

    SHA256

    314b8163c123bfa33fde855711909d938270adc55ca920d2066f6461c1a6917b

    SHA512

    b69edacc43490e57a6e6820f7dd8079a834440674167bba54a8c48668048659af52f2f912d8f4a7cc8a6c1b4674b8374976949fb2aa4b2fb56c47e9332eedfca

    Download Submit

  • memory/4964-132-0x00000000020C0000-0x000000000211B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/5072-139-0x0000000000C90000-0x0000000000CEB000-memory.dmp

    Filesize

    364KB

    Download