Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Zif.Interf....4.exe

windows10-2004-x64

7

Resubmissions

03/05/2024, 20:57

240503-zrnlnseh9z 8

03/05/2024, 20:55

240503-zqlqpahh32 7

03/05/2024, 20:38

240503-zexntahf66 7

Analysis

  • max time kernel
    591s
  • max time network
    454s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Zif.Interface.OpcDa.4.16.4.exe

  • Size

    5.0MB

  • MD5

    76c8248c5ea0c43c13bfc599b8c8c52c

  • SHA1

    e52826239f56871fa201c05b69e75f378f0b5320

  • SHA256

    e41f23cb5f8bfc98bc4724859d0a28ec4b747e6022ae76f01bbf0e6afbbcf6cf

  • SHA512

    35fcee8501135dc5321f805fe1346b21702908a02980bc5cf3bc30975da36360f52867f0bc1d2ecbd03cb5f1d8dae05c8d648fb98675fcf5fa1d22c89b09b0a9

  • SSDEEP

    98304:ZOWwlEr4eijEBfjymyC0L/AVob9LXXn/fY3DiKj6DVprSRDMy+1X:EWwlEr4ecmB0L/++XXHW27reRDMTB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Zif.Interface.OpcDa.4.16.4.exe
    "C:\Users\Admin\AppData\Local\Temp\Zif.Interface.OpcDa.4.16.4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Users\Admin\AppData\Local\Temp\is-SV5K3.tmp\Zif.Interface.OpcDa.4.16.4.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SV5K3.tmp\Zif.Interface.OpcDa.4.16.4.tmp" /SL5="$70092,4955460,58368,C:\Users\Admin\AppData\Local\Temp\Zif.Interface.OpcDa.4.16.4.exe"
      2⤵
      • Executes dropped EXE
      PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-SV5K3.tmp\Zif.Interface.OpcDa.4.16.4.tmp
    Filesize

    702KB

    MD5

    1afbd25db5c9a90fe05309f7c4fbcf09

    SHA1

    baf330b5c249ca925b4ea19a52fe8b2c27e547fa

    SHA256

    3bb0ee5569fe5453c6b3fa25aa517b925d4f8d1f7ba3475e58fa09c46290658c

    SHA512

    3a448f06862c6d163fd58b68b836d866ae513e04a69774abf5a0c5b7df74f5b9ee37240083760185618c5068bf93e7fd812e76b3e530639111fb1d74f4d28419

    Download Submit

  • memory/208-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/208-3-0x0000000000401000-0x000000000040C000-memory.dmp

    Filesize

    44KB

    Download

  • memory/208-8-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4512-6-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/4512-9-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download