Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2024, 21:39

General

  • Target

    621f1e5a75e96ce621e64786298188f3eded0bce004463b398bb3ea24e97def5.exe

  • Size

    112KB

  • MD5

    3447c408b24d8b0f156702ee5e1aad37

  • SHA1

    553edd6a22d5a7bfcd369758d7a868a7e778d3c7

  • SHA256

    621f1e5a75e96ce621e64786298188f3eded0bce004463b398bb3ea24e97def5

  • SHA512

    59ed205f5dd3503488fb7c8caba5565ebee7ba071d15f63eecaca8c0454143dcb8af18d9af90a54395a01834bd0da66e140dd17053aa5463b7f9116122621d8a

  • SSDEEP

    3072:6En6+cyXKF+X4g+RXujvcKPUJlZnPo1IpME831bIkI8SZIP90DU6MwsEyPgEwqg7:XcyX1u6EtlNV

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\621f1e5a75e96ce621e64786298188f3eded0bce004463b398bb3ea24e97def5.exe
    "C:\Users\Admin\AppData\Local\Temp\621f1e5a75e96ce621e64786298188f3eded0bce004463b398bb3ea24e97def5.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3608
    • C:\Users\Admin\zeuce.exe
      "C:\Users\Admin\zeuce.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2704
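The behaviours above (sample in %TEMP% writes zeuce.exe into the profile root, launches it as a child, and the child sets a Run value and changes Explorer's hidden-file settings) are exactly the chain a host-based detection should join together. The following is an added example, not part of the tria.ge report or its detection engine: a small triage routine run over constructed Sysmon-style events (ids 1, 11 and 13 follow Sysmon's process-create, file-create and registry-set events; the event dict layout, the Run value name "zeuce", the SID-less HKCU prefix and the DWORD data format are all assumptions made for the sample input). The Explorer\Advanced and CurrentVersion\Run key paths are the real Windows locations; the report does not say which specific value the sample wrote, so the rule matches any of the known visibility values.

```python
"""Added example (not from the tria.ge report): join dropped-EXE execution,
Run-key persistence and Explorer hidden-file changes across Sysmon-style
events into findings attributable to one process tree."""
import re
from dataclasses import dataclass

# Real Windows registry locations. HKCU/HKU prefix is ignored on purpose
# because Sysmon logs HKU\<SID>\... while other sources log HKCU\...
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
EXPLORER_HIDDEN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
    r"(Hidden|ShowSuperHidden|SuperHidden)$", re.I)
# An .exe dropped directly into a user profile root (C:\Users\<name>\x.exe),
# which is where the report shows zeuce.exe landing.
PROFILE_ROOT_EXE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\[^\\]+\.exe$", re.I)


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def triage(events):
    """Walk events in order; return a list of Findings.
    Event ids follow Sysmon: 1 = process create (image, pid, ppid),
    11 = file create (target, pid), 13 = registry value set (key, data, pid)."""
    dropped = {}  # lower-cased path -> pid that wrote it
    findings = []
    for ev in events:
        eid, pid = ev["id"], ev["pid"]
        if eid == 11:
            target = ev["target"]
            if PROFILE_ROOT_EXE_RE.match(target):
                dropped[target.lower()] = pid
        elif eid == 1:
            img = ev["image"]
            writer = dropped.get(img.lower())
            # Only flag when the process that wrote the file is also the parent,
            # which is the drop-and-run pattern in the report's process tree.
            if writer is not None and ev.get("ppid") == writer:
                findings.append(Finding(
                    "executes-dropped-exe", pid,
                    f"{img} written by pid {writer} then launched as its child"))
        elif eid == 13:
            key, data = ev["key"], str(ev.get("data", ""))
            if RUN_KEY_RE.search(key):
                # Strip quoting so a value like "C:\Users\Admin\zeuce.exe" is
                # recognised as pointing at a file we saw being dropped.
                suffix = " (points at dropped file)" if data.strip('"').lower() in dropped else ""
                findings.append(Finding("run-key-persistence", pid, f"{key} = {data}{suffix}"))
            elif EXPLORER_HIDDEN_RE.search(key):
                findings.append(Finding("explorer-hidden-files", pid, f"{key} = {data}"))
    return findings


# Constructed sample events mirroring the report's tree (PIDs 3608 -> 2704).
# The Run value name "zeuce" and the DWORD value are assumptions.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 3608, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\621f1e5a75e96ce621e64786298188f3eded0bce004463b398bb3ea24e97def5.exe"},
    {"id": 11, "pid": 3608, "target": r"C:\Users\Admin\zeuce.exe"},
    {"id": 1, "pid": 2704, "ppid": 3608, "image": r"C:\Users\Admin\zeuce.exe"},
    {"id": 13, "pid": 2704,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": "DWORD (0x00000002)"},
    {"id": 13, "pid": 2704,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\zeuce",
     "data": r'"C:\Users\Admin\zeuce.exe"'},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid={f.pid}: {f.detail}")
```

Matching on the writer being the parent keeps legitimate installers (which write to Program Files, not the profile root) out of the dropped-EXE rule, and tying the Run value's data back to the dropped path is what turns two medium-confidence signals into one high-confidence chain. A Hidden value of 2 means "do not show hidden files"; ShowSuperHidden set to 0 hides protected OS files.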

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\zeuce.exe

    Filesize

    112KB

    MD5

    5289a13ccffae12e0d26deac6c970809

    SHA1

    a5345a5598be211f0adb1e3c7d658d874f2705a6

    SHA256

    50e0155c8e39ef9c39b366f183846c684e42638a47c1caa74d0cb2240caafbc3

    SHA512

    8349cf77abe8bdf7f406ba00b826120c476e02d90b069e91de007fca09be6d1000ab15057b5af5f7a6d45b114d779ddb61333810ba7f57c85b47282779c91e30