Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ce503938c7...d5.exe

windows7-x64

9

ce503938c7...d5.exe

windows10-2004-x64

Analysis

  • max time kernel
    141s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11/03/2024, 00:48 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce503938c7221b03ac3d8d4f5f448bb0e965d3a567902c5fff806c8caef5b6d5.exe

  • Size

    51KB

  • MD5

    279605a755ef3997a8dab583ba033e07

  • SHA1

    646a051c86901564f5c46c34d1b486f7f603712c

  • SHA256

    ce503938c7221b03ac3d8d4f5f448bb0e965d3a567902c5fff806c8caef5b6d5

  • SHA512

    a6a1fe22a93706971689bba0f7c843b8c2e9b0696d2be2da59c7aa903831b07e0aa116b432bcda1f7dfa701c5a471843d53d844a593abd4d8c5edbc6ff4656bf

  • SSDEEP

    1536:lvQoLHjw2iWPKEq7OyX60MXXXcFFFrddd+:lv5Ls27k7OyX60MXXXwddd+

Score
9/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce503938c7221b03ac3d8d4f5f448bb0e965d3a567902c5fff806c8caef5b6d5.exe
    "C:\Users\Admin\AppData\Local\Temp\ce503938c7221b03ac3d8d4f5f448bb0e965d3a567902c5fff806c8caef5b6d5.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\CE5039~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2196
  • C:\Windows\Debug\zskhost.exe
    C:\Windows\Debug\zskhost.exe
    1⤵
    • Executes dropped EXE
    PID:804

Network

  • flag-us
    DNS
    XtsWMvgCm.nnnn.eu.org
    zskhost.exe
    Remote address:
    8.8.8.8:53
    Request
    XtsWMvgCm.nnnn.eu.org
    IN A
    Response
  • flag-us
    DNS
    PCIUkM7KF.nnnn.eu.org
    zskhost.exe
    Remote address:
    8.8.8.8:53
    Request
    PCIUkM7KF.nnnn.eu.org
    IN A
    Response
  • flag-us
    DNS
    kbtUlipi3x.nnnn.eu.org
    zskhost.exe
    Remote address:
    8.8.8.8:53
    Request
    kbtUlipi3x.nnnn.eu.org
    IN A
    Response
  • flag-us
    DNS
    KIafXCJqn.nnnn.eu.org
    zskhost.exe
    Remote address:
    8.8.8.8:53
    Request
    KIafXCJqn.nnnn.eu.org
    IN A
    Response
  • flag-us
    DNS
    uylro9IyXP.nnnn.eu.org
    zskhost.exe
    Remote address:
    8.8.8.8:53
    Request
    uylro9IyXP.nnnn.eu.org
    IN A
    Response
No results found
  • 8.8.8.8:53
    XtsWMvgCm.nnnn.eu.org
    dns
    zskhost.exe
    67 B
     117 B
     1
    1

    DNS Request

    XtsWMvgCm.nnnn.eu.org

  • 8.8.8.8:53
    PCIUkM7KF.nnnn.eu.org
    dns
    zskhost.exe
    67 B
     117 B
     1
    1

    DNS Request

    PCIUkM7KF.nnnn.eu.org

  • 8.8.8.8:53
    kbtUlipi3x.nnnn.eu.org
    dns
    zskhost.exe
    68 B
     118 B
     1
    1

    DNS Request

    kbtUlipi3x.nnnn.eu.org

  • 8.8.8.8:53
    KIafXCJqn.nnnn.eu.org
    dns
    zskhost.exe
    67 B
     117 B
     1
    1

    DNS Request

    KIafXCJqn.nnnn.eu.org

  • 8.8.8.8:53
    uylro9IyXP.nnnn.eu.org
    dns
    zskhost.exe
    68 B
     118 B
     1
    1

    DNS Request

    uylro9IyXP.nnnn.eu.org

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\debug\zskhost.exe
    Filesize

    51KB

    MD5

    c8c2c208c0639622be1a5f05a01cb3a3

    SHA1

    48817f3857af266451ea869a7f53128c0ef7b0d5

    SHA256

    baee3ce9ce4d4e18451b95fbe9e22242a17b9620e82276eb5eafca69278d1e11

    SHA512

    6cf36cea368438f1f16ff4de4056e1d69ab2f3feb1c98127cbd8541ebe53912c03bccf29ae9b778243c0ab3dbf8633c3c4e29c7bfa9f5d85aa06a772869009e4

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.