e198a1cf6988b3e8bffa5dec0b28c891c5ef4116c71fbc94d9a68ed9e9b444eb

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

VirtualBox...on.exe

windows10-2004-x64

license.txt

windows10-2004-x64

readme_1013790.txt

windows10-2004-x64

zsys-maste...ig.yml

windows10-2004-x64

zsys-maste...s.yaml

windows10-2004-x64

zsys-maste...s.yaml

windows10-2004-x64

zsys-maste...y.yaml

windows10-2004-x64

zsys-maste...ignore

windows10-2004-x64

zsys-maste...ata.go

windows10-2004-x64

zsys-maste...ion.go

windows10-2004-x64

zsys-maste...mon.go

windows10-2004-x64

zsys-maste...est.go

windows10-2004-x64

zsys-maste...ysd.go

windows10-2004-x64

zsys-maste...ain.go

windows10-2004-x64

zsys-maste...est.go

windows10-2004-x64

zsys-maste...ATE.md

windows10-2004-x64

zsys-maste...ot.png

windows10-2004-x64

zsys-maste...ze.yml

windows10-2004-x64

zsys-maste...ld.yml

windows10-2004-x64

zsys-maste...at.yml

windows10-2004-x64

zsys-maste...sh.yml

windows10-2004-x64

zsys-maste...st.yml

windows10-2004-x64

zsys-maste...ignore

windows10-2004-x64

zsys-maste...ignore

windows10-2004-x64

zsys-maste...ignore

windows10-2004-x64

Resubmissions

23/01/2023, 13:41

230123-qzjg9add79 10

27/12/2022, 17:22

221227-vxl8ksfd97 10

27/12/2022, 17:10

221227-vprhbsae8t 10

Analysis

max time kernel
65s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27/12/2022, 17:22

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

VirtualBox 7.0-Download_Old_Builds - About - Documentation.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

23 signatures

600 seconds

Behavioral task

behavioral2

Sample

license.txt

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral3

Sample

readme_1013790.txt

Resource

win10v2004-20220901-en

windows10-2004-x64

2 signatures

600 seconds

Behavioral task

behavioral4

Sample

zsys-master/.github/ISSUE_TEMPLATE/config.yml

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral5

Sample

zsys-master/.github/workflows/auto-updates.yaml

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral6

Sample

zsys-master/.github/workflows/commands.yaml

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral7

Sample

zsys-master/.github/workflows/repo-quality.yaml

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral8

Sample

zsys-master/.gitignore

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral9

Sample

zsys-master/cmd/zsysd/client/userdata.go

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral10

Sample

zsys-master/cmd/zsysd/client/version.go

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral11

Sample

zsys-master/cmd/zsysd/cmdhandler/common.go

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral12

Sample

zsys-master/cmd/zsysd/cmdhandler/suggest.go

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral13

Sample

zsys-master/cmd/zsysd/daemon/zsysd.go

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral14

Sample

zsys-master/cmd/zsysd/main.go

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral15

Sample

zsys-master/internal/authorizer/internal_test.go

Resource

win10v2004-20220901-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral16

Sample

zsys-master/yaru_widgets.dart-main/.github/PULL_REQUEST_TEMPLATE.md

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral17

Sample

zsys-master/yaru_widgets.dart-main/.github/images/screenshot.png

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

600 seconds

Behavioral task

behavioral18

Sample

zsys-master/yaru_widgets.dart-main/.github/workflows/analyze.yml

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral19

Sample

zsys-master/yaru_widgets.dart-main/.github/workflows/build.yml

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral20

Sample

zsys-master/yaru_widgets.dart-main/.github/workflows/format.yml

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral21

Sample

zsys-master/yaru_widgets.dart-main/.github/workflows/publish.yml

Resource

win10v2004-20220901-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral22

Sample

zsys-master/yaru_widgets.dart-main/.github/workflows/test.yml

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral23

Sample

zsys-master/yaru_widgets.dart-main/.gitignore

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

600 seconds

Behavioral task

behavioral24

Sample

zsys-master/yaru_widgets.dart-main/example/.gitignore

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

600 seconds

Behavioral task

behavioral25

Sample

zsys-master/yaru_widgets.dart-main/example/linux/.gitignore

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

600 seconds

Report Analysis Logs

General

Target

readme_1013790.txt
Size

566KB
MD5

1d3951b6b916973b9750b43216bb91fb
SHA1

fd1abc2670b1d87cb0b0dc1ca0fb3ef289a65340
SHA256

b128084a842bae5fe997424a0d2dc94c05d7682577338321714862471755af26
SHA512

fa01c58ab57b81be6189d07f626527eb24aa461a54fdba13f29b46bda6f200430b4a5b4dc79f8f9b2f0886382781b72ae20e3a9392d94905a379cc2bac42b458
SSDEEP

3072:teKK2lEn4OHoOInTT4bcRtxYdvCOY7D9ct2:cKans/edc7D982

Score

1^/10

Malware Config

Signatures

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4708	NOTEPAD.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4708	NOTEPAD.EXE

Processes

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\readme_1013790.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:4708

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads