Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

vanish-flo...in.zip

windows7-x64

1

vanish-flo...in.zip

windows10-2004-x64

1

vanish-flo...DME.md

windows7-x64

3

vanish-flo...DME.md

windows10-2004-x64

3

vanish-flo...ns.txt

windows7-x64

1

vanish-flo...ns.txt

windows10-2004-x64

1

vanish-flo...me.txt

windows7-x64

1

vanish-flo...me.txt

windows10-2004-x64

1

vanish-flo...ll.bat

windows7-x64

1

vanish-flo...ll.bat

windows10-2004-x64

1

vanish-flo...ts.txt

windows7-x64

1

vanish-flo...ts.txt

windows10-2004-x64

1

vanish-flo...src.py

windows7-x64

3

vanish-flo...src.py

windows10-2004-x64

3

vanish-flo...rt.bat

windows7-x64

7

vanish-flo...rt.bat

windows10-2004-x64

7

vanish-flo...is.txt

windows7-x64

1

vanish-flo...is.txt

windows10-2004-x64

1

vanish-flo...ial.md

windows7-x64

3

vanish-flo...ial.md

windows10-2004-x64

3

vanish-flo...sh.exe

windows7-x64

7

vanish-flo...sh.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1558s
  • max time network
    1559s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vanish-flooder-main/start.bat

  • Size

    21B

  • MD5

    de1ef4dd337b84f48e94982c50c426dd

  • SHA1

    fbd7f79f9cd1ccb046544116c73eb83142058e19

  • SHA256

    bcd04cf51059743a0322679b896a3d588b66c1b953f7787f6fc97b5911f147da

  • SHA512

    a36673690fa7704e92f1ab2bdd5feaf4fa69759e6c787b63dd9f037f75899c7963a29514224481fe799e9ab494379add442df5143d8593fb1b892ea702dd848a

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\vanish-flooder-main\start.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Users\Admin\AppData\Local\Temp\vanish-flooder-main\vanish.exe
      vanish.exe
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\vanish.exe
        vanish.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Africa\Banjul
    Filesize

    130B

    MD5

    796a57137d718e4fa3db8ef611f18e61

    SHA1

    23f0868c618aee82234605f5a0002356042e9349

    SHA256

    f3e7fcaa0e9840ff4169d3567d8fb5926644848f4963d7acf92320843c5d486e

    SHA512

    64a8de7d9e2e612a6e9438f2de598b11fecc5252052d92278c96dd6019abe7465e11c995e009dfbc76362080217e9df9091114bdbd1431828842348390cb997b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Africa\Djibouti
    Filesize

    191B

    MD5

    fe54394a3dcf951bad3c293980109dd2

    SHA1

    4650b524081009959e8487ed97c07a331c13fd2d

    SHA256

    0783854f52c33ada6b6d2a5d867662f0ae8e15238d2fce7b9ada4f4d319eb466

    SHA512

    fe4cf1dd66ae0739f1051be91d729efebde5459967bbe41adbdd3330d84d167a7f8db6d4974225cb75e3b2d207480dfb3862f2b1dda717f33b9c11d33dcac418

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Africa\Kigali
    Filesize

    131B

    MD5

    a87061b72790e27d9f155644521d8cce

    SHA1

    78de9718a513568db02a07447958b30ed9bae879

    SHA256

    fd4a97368230a89676c987779510a9920fe8d911fa065481536d1048cd0f529e

    SHA512

    3f071fd343d4e0f5678859c4f7f48c292f8b9a3d62d1075938c160142defd4f0423d8f031c95c48119ac71f160c9b6a02975841d49422b61b542418b8a63e441

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Africa\Lagos
    Filesize

    180B

    MD5

    89de77d185e9a76612bd5f9fb043a9c2

    SHA1

    0c58600cb28c94c8642dedb01ac1c3ce84ee9acf

    SHA256

    e5ef1288571cc56c5276ca966e1c8a675c6747726d758ecafe7effce6eca7be4

    SHA512

    e2fb974fa770639d56edc5f267306be7ee9b00b9b214a06739c0dad0403903d8432e1c7b9d4322a8c9c31bd1faa8083e262f9d851c29562883ca3933e01d018c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\America\Curacao
    Filesize

    177B

    MD5

    92d3b867243120ea811c24c038e5b053

    SHA1

    ade39dfb24b20a67d3ac8cc7f59d364904934174

    SHA256

    abbe8628dd5487c889db816ce3a5077bbb47f6bafafeb9411d92d6ef2f70ce8d

    SHA512

    1eee8298dffa70049439884f269f90c0babcc8e94c5ccb595f12c8cfe3ad12d52b2d82a5853d0ff4a0e4d6069458cc1517b7535278b2fdef145e024e3531daad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\America\Toronto
    Filesize

    1KB

    MD5

    3fa8a9428d799763fa7ea205c02deb93

    SHA1

    222b74b3605024b3d9ed133a3a7419986adcc977

    SHA256

    815ab4db7a1b1292867d2f924b718e1bba32455ce9f92205db2feb65029c6761

    SHA512

    107a4dbb64107f781e3ed17b505baea28d4ca6683c2b49d146dda41c28ca3f9c307809ed938e4152011e199a7be6913de6f7b78cafe8ef300dc3034397945238

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Asia\Shanghai
    Filesize

    393B

    MD5

    dff9cd919f10d25842d1381cdff9f7f7

    SHA1

    2aa2d896e8dde7bc74cb502cd8bff5a2a19b511f

    SHA256

    bf8b7ed82fe6e63e6d98f8cea934eeac901cd16aba85eb5755ce3f8b4289ea8a

    SHA512

    c6f4ef7e4961d9f5ae353a5a54d5263fea784255884f7c18728e05806d7c80247a2af5d9999d805f40b0cc86a580a3e2e81135fdd49d62876a15e1ab50e148b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Etc\UCT
    Filesize

    111B

    MD5

    51d8a0e68892ebf0854a1b4250ffb26b

    SHA1

    b3ea2db080cd92273d70a8795d1f6378ac1d2b74

    SHA256

    fddce1e648a1732ac29afd9a16151b2973cdf082e7ec0c690f7e42be6b598b93

    SHA512

    4d0def0cd33012754835b27078d64141503c8762e7fb0f74ac669b8e2768deeba14900feef6174f65b1c3dd2ea0ce9a73bba499275c1c75bcae91cd266262b78

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Europe\Isle_of_Man
    Filesize

    1KB

    MD5

    d111147703d04769072d1b824d0ddc0c

    SHA1

    0c99c01cad245400194d78f9023bd92ee511fbb1

    SHA256

    676541f0b8ad457c744c093f807589adcad909e3fd03f901787d08786eedbd33

    SHA512

    21502d194dfd89ac66f3df6610cb7725936f69faafb6597d4c22cec9d5e40965d05dd7111de9089bc119ec2b701fea664d3cb291b20ae04d59bcbd79e681d07a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Europe\Oslo
    Filesize

    705B

    MD5

    2577d6d2ba90616ca47c8ee8d9fbca20

    SHA1

    e8f7079796d21c70589f90d7682f730ed236afd4

    SHA256

    a7fd9932d785d4d690900b834c3563c1810c1cf2e01711bcc0926af6c0767cb7

    SHA512

    f228ca1ef2756f955566513d7480d779b10b74a8780f2c3f1768730a1a9ae54c5ac44890d0690b59df70c4194a414f276f59bb29389f6fa29719cb06cb946ceb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Europe\Skopje
    Filesize

    478B

    MD5

    a4ac1780d547f4e4c41cab4c6cf1d76d

    SHA1

    9033138c20102912b7078149abc940ea83268587

    SHA256

    a8c964f3eaa7a209d9a650fb16c68c003e9a5fc62ffbbb10fa849d54fb3662d6

    SHA512

    7fd5c4598f9d61a3888b4831b0c256ac8c07a5ae28123f969549ae3085a77fece562a09805c44eab7973765d850f6c58f9fcf42582bdd7fd0cdba6cd3d432469

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Greenwich
    Filesize

    111B

    MD5

    e7577ad74319a942781e7153a97d7690

    SHA1

    91d9c2bf1cbb44214a808e923469d2153b3f9a3f

    SHA256

    dc4a07571b10884e4f4f3450c9d1a1cbf4c03ef53d06ed2e4ea152d9eba5d5d7

    SHA512

    b4bc0ddba238fcab00c99987ea7bd5d5fa15967eceba6a2455ecd1d81679b4c76182b5a9e10c004b55dc98abc68ce0912d4f42547b24a22b0f5f0f90117e2b55

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Pacific\Wallis
    Filesize

    134B

    MD5

    ba8d62a6ed66f462087e00ad76f7354d

    SHA1

    584a5063b3f9c2c1159cebea8ea2813e105f3173

    SHA256

    09035620bd831697a3e9072f82de34cfca5e912d50c8da547739aa2f28fb6d8e

    SHA512

    9c5dba4f7c71d5c753895cbfdb01e18b9195f7aad971948eb8e8817b7aca9b7531ca250cdce0e01a5b97ba42c1c9049fd93a2f1ed886ef9779a54babd969f761

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\tzdata\zoneinfo\Pacific\Yap
    Filesize

    154B

    MD5

    bcf8aa818432d7ae244087c7306bcb23

    SHA1

    5a91d56826d9fc9bc84c408c581a12127690ed11

    SHA256

    683001055b6ef9dc9d88734e0eddd1782f1c3643b7c13a75e9cf8e9052006e19

    SHA512

    d5721c5bf8e1df68fbe2c83bb5cd1edea331f8be7f2a7ef7a6c45f1c656857f2f981adb2c82d8b380c88b1ddea6abb20d692c45403f9562448908637d70fa221

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\python311.dll
    Filesize

    5.5MB

    MD5

    58e01abc9c9b5c885635180ed104fe95

    SHA1

    1c2f7216b125539d63bd111a7aba615c69deb8ba

    SHA256

    de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

    SHA512

    cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_2784_133652669366344000\vanish.exe
    Filesize

    30.0MB

    MD5

    e959420a2e53e0b25ef617faa86828f0

    SHA1

    cf2657eb7242a01b41e6a633cd0099764ed378ab

    SHA256

    29c083d514d90a30ba4434cc6c70918204b9b99dd534c69bb49b71fd45b32d55

    SHA512

    0310722e6ab735b2ae6fda126a525eea34c846888401a032a6560d1e88c0c9f4e4e25364886b850504be66861d0425f187c57cbca8742a44301599bca241385a

    Download Submit