Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b2b416d08c3391ce0842d998e0d5f273.exe
-
Size
1.3MB
-
Sample
240202-efffpsfebl
-
MD5
b2b416d08c3391ce0842d998e0d5f273
-
SHA1
b384e63d2d57c5c744d1da4e5e92faad09228ab1
-
SHA256
54471e79557fcf3f12279ab32be68aee2ca1cfd68e29134d0b34caf6975c3254
-
SHA512
42ecf9093b0182388b57e40ff2581ede8a3e9cd487315d02886e19aeb168005016c6178e966cae4a9358b056927947b65a46bf77de432b73d7fce237abb996b9
-
SSDEEP
24576:eziaTTDWECSiUgQCl+V1KPOiLs1yYeunFqjTZfyt2V1zdPY0UavdQ1+fXmc1:UiUvCSH1r2s1NRqHZKt2V1zdPYVaNv5
Static task
static1
Behavioral task
behavioral1
Sample
b2b416d08c3391ce0842d998e0d5f273.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b2b416d08c3391ce0842d998e0d5f273.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
-
-
Target
b2b416d08c3391ce0842d998e0d5f273.exe
-
Size
1.3MB
-
MD5
b2b416d08c3391ce0842d998e0d5f273
-
SHA1
b384e63d2d57c5c744d1da4e5e92faad09228ab1
-
SHA256
54471e79557fcf3f12279ab32be68aee2ca1cfd68e29134d0b34caf6975c3254
-
SHA512
42ecf9093b0182388b57e40ff2581ede8a3e9cd487315d02886e19aeb168005016c6178e966cae4a9358b056927947b65a46bf77de432b73d7fce237abb996b9
-
SSDEEP
24576:eziaTTDWECSiUgQCl+V1KPOiLs1yYeunFqjTZfyt2V1zdPY0UavdQ1+fXmc1:UiUvCSH1r2s1NRqHZKt2V1zdPYVaNv5
Score10/10-
Detect ZGRat V1
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Scheduled Task/Job
1