Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    125s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20221111-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    25/11/2022, 21:48 UTC

General

  • Target

    ZealotAllideoConverter/All Video Converter/必看说明.htm

  • Size

    6KB

  • MD5

    3a3dd6a8121fbb4e4f1181e3b73bf01b

  • SHA1

    6faccc6dcb27fbde623b91d877f4732127dcf8be

  • SHA256

    05e6f40288872e4adf72a685297d6462c832401c945bf63b7e244a281b967f01

  • SHA512

    3e0f55dca36b4684a6853bc8c59e6bf2b4a2e699ef76620c4197bb6b39fd0fe732de7d83d3efba0e64d0269ef7a1f2bc69c571355b6f9784e65db81cc3025eeb

  • SSDEEP

    96:eygWlXZktTuDndkYWuokAbVXHISaQN1exgemaQNA5FaQ/APUgJX/kh8rW3H6aQNf:ebiXFDzeXdxfx2Fxh8rW3H6x9xQWn

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 43 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • [1] C:\Program Files\Internet Explorer\iexplore.exe (PID:2008)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\ZealotAllideoConverter\All Video Converter\必看说明.htm"
    Signatures:
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • [2] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID:668, child of PID:2008)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
      Signatures:
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

  • DNS query (country: unknown)
    Domain: www.cngr.cn
    Process: IEXPLORE.EXE
    Remote address: 8.8.8.8:53
    Request: www.cngr.cn IN A
    Response: (none recorded)

  Connections (remote address | domain | protocol | process | bytes sent | bytes received | packets sent | packets received):

  • 204.79.197.200:443 | ieonline.microsoft.com | tls | iexplore.exe | 707 B | 7.6kB | 8 | 11
  • 8.8.8.8:53 | www.cngr.cn | dns | IEXPLORE.EXE | 57 B | 110 B | 1 | 1
    DNS Request: www.cngr.cn

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AMXXB98Q.txt

    Filesize

    608B

    MD5

    8214759191788dcd4e35c1147252885d

    SHA1

    3be2eb1aed249f4684bde1b94840e08a7f0fb6a0

    SHA256

    990f2b4e9433d80f8e76f29ec5dbe4c8b73a2b4e94c8423a7ca48c9a3345b699

    SHA512

    2bb57dc40de1296a2a426e92efff2abb04e57a3941167666c44bd706464d79da622e2d957fb99d99d1fda87f514a291452d06d567431d84396021c13b365a264
