Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

ZBL1211.exe

windows7-x64

8

ZBL1211.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    171s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 16:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ZBL1211.exe

  • Size

    1.0MB

  • MD5

    28e5176f4c546fc69f0477016dc33bea

  • SHA1

    5f6ec6d8733967005d30630c1363acb5680abdb1

  • SHA256

    7e444455e23087f0c1e5dd1649bea3b6758f238c1192a8440069756be91c2f8f

  • SHA512

    e43bb6530667e7bf22712f4c76f4cc1c440a9cbadbe2789e86838764cc00617ae023e50a2099b8f3d6a1c781ae686b06040bcd8ec705b9b0856bbab7900d7d29

  • SSDEEP

    24576:5y6xUTMFEyW3NGk8rPjgyfNiD2YuXqdjO498U1NiFznHm:M2REyMUNrV/YCqdjOu/0zG

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ZBL1211.exe
    "C:\Users\Admin\AppData\Local\Temp\ZBL1211.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 816
      2⤵
      • Program crash
      PID:536
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3524 -ip 3524
    1⤵
      PID:4244

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3524-132-0x0000000000400000-0x00000000007E3000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/3524-133-0x0000000000400000-0x00000000007E3000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/3524-134-0x0000000000400000-0x00000000007E3000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/3524-135-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-137-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-138-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-140-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-142-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-139-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-144-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-146-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-148-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-150-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-152-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-154-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-156-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-158-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-160-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-162-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-164-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-166-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-168-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-170-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-172-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-174-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-176-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-178-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-180-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3524-181-0x0000000000400000-0x00000000007E3000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/3524-182-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download