
Resubmissions

  • 21/05/2024, 11:02   240521-m5dmeabb56   score 7/10 (this report)
  • 21/05/2024, 11:01   240521-m4sd6sbb38   score 3/10
  • 21/05/2024, 10:58   240521-m25xgsba9t   score 7/10

General

  • Target: ZoomInfoContactContributor.exe.7z
  • Size: 144KB
  • Sample: 240521-m5dmeabb56
  • MD5: 49d8389c1bf91d5c2943cb6449542bfb
  • SHA1: 75f2a0931dc417e97a44f019de05164997250840
  • SHA256: 719ce6fa8d023a0ecccf4c2caeda8961debacf6d23444f76e7c9a50274bcd33e
  • SHA512: c645784f2b2e2c4e61a8ca0a171f8d0003c0fc5f069dd8572fbfbaacf19ad313fb75dd8d7fd9068386adba36ed3c5b3740db63457dad6f850a89a92d1c712ed3
  • SSDEEP: 3072:l2Cqnbv9f/YU182nngociPiRy7grM9/ZDETw7:YCe1YU18OnngRyEA9hR

Score: 7/10

Malware Config

Targets

Each target below is one file Triage extracted from the submission, with its own score and the signatures that fired on it. The $PLUGINSDIR/ entries and uninstall.exe.nsis are the plugin DLLs, wizard bitmap and uninstaller script that an NSIS-built installer unpacks at runtime, so the listing describes an NSIS package and its components rather than twelve unrelated files.

  • Target: ZoomInfoContactContributor.exe.7z
    Size: 144KB
    MD5: 49d8389c1bf91d5c2943cb6449542bfb
    SHA1: 75f2a0931dc417e97a44f019de05164997250840
    SHA256: 719ce6fa8d023a0ecccf4c2caeda8961debacf6d23444f76e7c9a50274bcd33e
    SHA512: c645784f2b2e2c4e61a8ca0a171f8d0003c0fc5f069dd8572fbfbaacf19ad313fb75dd8d7fd9068386adba36ed3c5b3740db63457dad6f850a89a92d1c712ed3
    SSDEEP: 3072:l2Cqnbv9f/YU182nngociPiRy7grM9/ZDETw7:YCe1YU18OnngRyEA9hR
    Score: 3/10

  • Target: ZoomInfoContactContributor.exe
    Size: 259KB
    MD5: 1c0674970e55ff28e3d6d4b9fc435f39
    SHA1: e33df0cd1ead927fb3ad769ff311e5598c533da2
    SHA256: be790b55b11f6502be0c8cf14f2ab4f9e97debe7e07efde26cf24f3927d791db
    SHA512: d7118c1d4df00ba69ac69a8d8907a93122e7414c127280250d1e8dcf5603c762923fc19e26c770b5dcecec306fe1559bb1ea813cdcfadc0031ca72ae29c5b74f
    SSDEEP: 3072:6gXdZt9P6D3XJazx7Op5KmEOm9Ek1ydrZeDAf1OnV8AHzsFypc9U:6e348t7uUmq9EnvAH4F8uU
    Score: 7/10
    Signatures: Loads dropped DLL

  • Target: $PLUGINSDIR/FindProcDLL.dll
    Size: 31KB
    MD5: 83cd62eab980e3d64c131799608c8371
    SHA1: 5b57a6842a154997e31fab573c5754b358f5dd1c
    SHA256: a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
    SHA512: 91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
    SSDEEP: 384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
    Score: 3/10

  • Target: $PLUGINSDIR/GetVersion.dll
    Size: 5KB
    MD5: 2e2412281a205ed8d53aafb3ef770a2d
    SHA1: 3cae4138e8226866236cf34f8fb00dafb0954d97
    SHA256: db09adb6e17b6a0b31823802431ff5209018ee8c77a193ac8077e42e5f15fb00
    SHA512: 6d57249b7e02e1dfed2e297ec35fb375ecf3abc893d68694f4fa5f2e82ec68c129af9cc5ce3dd4025147309c0832a2847b69334138f3d29c5572ff4e1b16f219
    SSDEEP: 96:E12kx1WhoMHF7ZmIpNkTif0geoBLERrqm1BdROBh6Hx2WsTDBi46AQuP:Xll7A6NkOMiBEReEBdRwiMTDBi46AQu
    Score: 3/10

  • Target: $PLUGINSDIR/NSISdl.dll
    Size: 14KB
    MD5: a5f8399a743ab7f9c88c645c35b1ebb5
    SHA1: 168f3c158913b0367bf79fa413357fbe97018191
    SHA256: dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
    SHA512: 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
    SSDEEP: 192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
    Score: 3/10

  • Target: $PLUGINSDIR/System.dll
    Size: 11KB
    MD5: c17103ae9072a06da581dec998343fc1
    SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
    SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
    SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
    SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
    Score: 3/10

  • Target: $PLUGINSDIR/modern-wizard.bmp
    Size: 25KB
    MD5: cbe40fd2b1ec96daedc65da172d90022
    SHA1: 366c216220aa4329dff6c485fd0e9b0f4f0a7944
    SHA256: 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
    SHA512: 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
    SSDEEP: 24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
    Score: 7/10
    Signatures: Checks computer location settings (looks up the country code configured in the registry, likely a geofence)

  • Target: $PLUGINSDIR/nsDialogs.dll
    Size: 9KB
    MD5: c10e04dd4ad4277d5adc951bb331c777
    SHA1: b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
    SHA256: e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
    SHA512: 853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
    SSDEEP: 96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
    Score: 3/10

  • Target: $PLUGINSDIR/nsisunz.dll
    Size: 40KB
    MD5: 5f13dbc378792f23e598079fc1e4422b
    SHA1: 5813c05802f15930aa860b8363af2b58426c8adf
    SHA256: 6e87ecb7f62039fbb6e7676422d1a5e75a32b90dde6865dcb68ee658ba8df61d
    SHA512: 9270635a5294482f49e0292e26d45dd103b85fe27dc163d44531b095c5f9dbde6b904adaf1a888ba3c112a094380394713c796f5195b2566a20f00b42b6578e5
    SSDEEP: 384:KExN66Yf2xL5Q4IsjuUjUZfqRDpImexpf88FwHxXvjX3hwlHt6oIfESxSHoOO8n9:O2x64GcVpI3xC8ynToIf1SIOhW4
    Score: 3/10

  • Target: $TEMP/uninstall_fc.exe
    Size: 59KB
    MD5: 9b5a8a1e1a13cb6f5d344cf5f92866f9
    SHA1: db6e74fa5b1abbd8a412e21b437d03d173617bf9
    SHA256: 9c3e4cbf323170eaf1d82a59496557f8013b65d0853bb05b7c054f0d5d856889
    SHA512: 2dfc4dae9f743831e2e67861e5cd5a118a967fdba9b0c2655e9e71614fa76762b3fcc175feb98c7801d3f753cfe1156168f9125c905b14c28caa0babb4566aaa
    SSDEEP: 1536:spgpHzb9dZVX9fHMvG0D3XJzQEyS+EhuL0:6gXdZt9P6D3XJkiU0
    Score: 7/10
    Signatures: Executes dropped EXE

  • Target: uninstall.exe.nsis
    Size: 1KB
    MD5: 90aee3d9384f17a709876e2af84eb3f1
    SHA1: bf1ebec2b1e775ae76f9b1415d513152910d18a0
    SHA256: 0746bbb3015bbacd56edf8cdf589a6a212939ca37d7ef2c92cf0a0dcc2dc41fa
    SHA512: 4c71166e144ddd0d9198b8aabca699e919ec51224281dfd4407600dbb98ae224e0fb566a6187dc549bb199b0e3fad1dc2e1198596080062d434f81171b698538
    SSDEEP: (not listed in the report)
    Score: 3/10

  • Target: zi.ico
    Size: 90KB
    MD5: b077d8ece6f5ed9dca3accbd322c79ee
    SHA1: 1876841fe75fda14d4514bde4b8b0f9a4df09fa3
    SHA256: 751f60a12bfbd64b634ea109ddb728193dc887bd112354c5fe2dc12f2bb1d745
    SHA512: 135c2f0b3db4a6693c5f0870dc2ab7ece712c568e70f16ff876d61b2dbbb386ed12b90d83c72318a0c85233dc9375662bd3d7e10731ba26ac17b3928b4b352d5
    SSDEEP: 96:xEO7afMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMPMMMMMMMMMMMMMMMMMMT:xEOe5vvvXnxtIuCaT9OURgTrTV0u
    Score: 3/10
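The hash table above is only useful if the artifacts you hold actually match it, and the report's own SSDEEP values already show one relationship worth confirming: the first chunk of ZoomInfoContactContributor.exe and the second chunk of $TEMP/uninstall_fc.exe both begin with 6gXdZt9P6D3XJ, which is consistent with an NSIS uninstaller being written out from the installer's own stub. The script below is an added example, not part of the tria.ge report and not Triage's tooling. It re-hashes a file and diffs the result against a report record, and it scores SSDEEP strings against each other with a re-implementation of the ssdeep comparison step (sequence squashing, block-size alignment, the 7-character common-substring gate, weighted edit distance). The REPORT dict is constructed for the example from values copied off the page; the comparison follows the reference algorithm closely but is not byte-for-byte the ssdeep library, so use the ssdeep tool for authoritative scores.

```python
import hashlib

# Subset of the report's values, copied from the listing above. The dict
# itself is constructed for this example; the digests are the report's.
REPORT = {
    "ZoomInfoContactContributor.exe.7z": {
        "md5": "49d8389c1bf91d5c2943cb6449542bfb",
        "sha256": "719ce6fa8d023a0ecccf4c2caeda8961debacf6d23444f76e7c9a50274bcd33e",
        "ssdeep": "3072:l2Cqnbv9f/YU182nngociPiRy7grM9/ZDETw7:YCe1YU18OnngRyEA9hR",
    },
    "ZoomInfoContactContributor.exe": {
        "md5": "1c0674970e55ff28e3d6d4b9fc435f39",
        "sha256": "be790b55b11f6502be0c8cf14f2ab4f9e97debe7e07efde26cf24f3927d791db",
        "ssdeep": "3072:6gXdZt9P6D3XJazx7Op5KmEOm9Ek1ydrZeDAf1OnV8AHzsFypc9U:6e348t7uUmq9EnvAH4F8uU",
    },
    "$TEMP/uninstall_fc.exe": {
        "md5": "9b5a8a1e1a13cb6f5d344cf5f92866f9",
        "sha256": "9c3e4cbf323170eaf1d82a59496557f8013b65d0853bb05b7c054f0d5d856889",
        "ssdeep": "1536:spgpHzb9dZVX9fHMvG0D3XJzQEyS+EhuL0:6gXdZt9P6D3XJkiU0",
    },
}

ROLLING_WINDOW = 7   # ssdeep refuses to score without a common 7-char substring
SPAMSUM_LENGTH = 64  # nominal length of one ssdeep chunk string
MIN_BLOCKSIZE = 3


def file_digests(data: bytes) -> dict:
    """The four digests Triage lists for a file, lower-case hex."""
    return {n: hashlib.new(n, data).hexdigest()
            for n in ("md5", "sha1", "sha256", "sha512")}


def verify_against_report(data: bytes, expected: dict) -> list:
    """Names of the digests in `expected` that `data` does not reproduce.
    Keys that are not digests (e.g. ssdeep) are skipped, so a partial
    IOC record still verifies."""
    actual = file_digests(data)
    return [k for k, v in expected.items()
            if k in actual and actual[k] != v.lower()]


def _squash(s: str) -> str:
    """Collapse runs longer than three identical characters, as ssdeep does
    before comparing (see the long 'MMMM...' run in zi.ico's hash)."""
    out = []
    for c in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == c:
            continue
        out.append(c)
    return "".join(out)


def parse_ssdeep(h: str):
    """Split 'blocksize:chunk:double_chunk' into (int, str, str)."""
    bs, h1, h2 = h.split(":", 2)
    return int(bs), _squash(h1), _squash(h2)


def _longest_common_substring(a: str, b: str) -> int:
    best, prev = 0, [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein with ssdeep's weights: insert 1, delete 1, substitute 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            sub = 0 if ca == cb else 2
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + sub))
        prev = cur
    return prev[-1]


def _score(a: str, b: str, block_size: int) -> int:
    if _longest_common_substring(a, b) < ROLLING_WINDOW:
        return 0
    s = _edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))
    s = 100 - 100 * s // SPAMSUM_LENGTH
    # Small block sizes cannot justify a high score; cap as ssdeep does.
    return min(s, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def ssdeep_compare(h1: str, h2: str) -> int:
    """Similarity 0..100. Chunks are comparable only when the block sizes
    are equal or differ by exactly one factor of two; otherwise 0."""
    bs1, a1, a2 = parse_ssdeep(h1)
    bs2, b1, b2 = parse_ssdeep(h2)
    if bs1 == bs2:
        return max(_score(a1, b1, bs1), _score(a2, b2, 2 * bs1))
    if bs1 == 2 * bs2:  # h1's chunk is at h2's double-chunk block size
        return _score(a1, b2, bs1)
    if bs2 == 2 * bs1:
        return _score(a2, b1, bs2)
    return 0


def related_targets(report: dict = REPORT) -> list:
    """(name, name, score) for report entries whose ssdeep hashes score > 0."""
    names, out = list(report), []
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            s = ssdeep_compare(report[x]["ssdeep"], report[y]["ssdeep"])
            if s:
                out.append((x, y, s))
    return out
```

To check a local copy, read the file as bytes and pass it with the matching REPORT entry to verify_against_report; an empty list means every listed digest matched. related_targets() pairs the installer with its uninstaller and nothing else, which is the overlap the raw SSDEEP strings hinted at; the .7z scores 0 against both because a compressed archive shares no chunk-level structure with its contents.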

MITRE ATT&CK Enterprise v15

Tasks