Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ZdVkArFtVOs.exe

windows7-x64

7

ZdVkArFtVOs.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZdVkArFtVOs.zip

  • Size

    1.4MB

  • Sample

    240701-bklxhavdlm

  • MD5

    773becbea626f56bca18bc3e74dbb35b

  • SHA1

    8519d1b247cb741931401643b82a104d929d6a58

  • SHA256

    13df631a797ab9dffaa85311c538151803ddbaeb011dcdd84ef0a9d4debcf29a

  • SHA512

    fb8d754b09c6de0c2bfd0de0a72c2d25a0c6d63f6bf84e8340fd3f0e83bfc840f0b4058151a5b8d21436ccc5f21bfc0c4b32da512106e8998e8cbc9b7d245f04

  • SSDEEP

    24576:koLU0kBPhaOk182jV+EAdIzeeDHMmqk1kO9x7EuE1gC1S6W/A2FFKX7C61:FLp1825AdFeDHMlk1dtsgZFFKLr1

Score
7/10
upx

Malware Config

Targets

    • Target

      ZdVkArFtVOs.exe

    • Size

      1.4MB

    • MD5

      c9af6841029366d803a93b001ddb7da7

    • SHA1

      a9dd119d215b48730f36812985f8769ba6160305

    • SHA256

      87391e2f2e5d0c85b4b2436846a02dcc1dfac56d414867b85644ad0644009b7b

    • SHA512

      3e5d9b8a9d62ca85347696f8c0f1d2fd63325d41c570b444259dfb1e165cc237c2aa295401e46e3cddc7dfdb471d534dac5bd5aaff1c8cc7d47add7cdeaac674

    • SSDEEP

      24576:QvEkzLhaUON8Q9X2EjvdssVDn4y1gUZsG9BHgcsjhO8tL1SRrUHoxpBPmMRB:RH8QBLdFDn49UDxgcsjhO8tZurewB

    Score
    7/10
    upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks