Tasks (score | sample | platform)
7 | ZenStudio_...76.exe | windows11-21h2-x64
7 | $PLUGINSDI...er.dll | windows11-21h2-x64
3 | $PLUGINSDI...ns.dll | windows11-21h2-x64
3 | $PLUGINSDI...el.dll | windows11-21h2-x64
7 | $PLUGINSDI...nu.dll | windows11-21h2-x64
3 | $PLUGINSDI...em.dll | windows11-21h2-x64
3 | $PLUGINSDI...dl.dll | windows11-21h2-x64
3 | ZenStudio.exe | windows11-21h2-x64

Analysis
Max time kernel: 1795s
Max time network: 1503s
Platform: windows11-21h2_x64
Resource: win11-20240709-en
Resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
Submitted: 14/07/2024, 10:08
Behavioral task | Sample | Resource
behavioral1 | ZenStudio_Setup_v1.5.0_Build_76.exe | win11-20240709-en
behavioral2 | $PLUGINSDIR/DotNetChecker.dll | win11-20240709-en
behavioral3 | $PLUGINSDIR/InstallOptions.dll | win11-20240709-en
behavioral4 | $PLUGINSDIR/SelfDel.dll | win11-20240709-en
behavioral5 | $PLUGINSDIR/StartMenu.dll | win11-20240709-en
behavioral6 | $PLUGINSDIR/System.dll | win11-20240709-en
behavioral7 | $PLUGINSDIR/nsisdl.dll | win11-20240709-en
behavioral8 | ZenStudio.exe | win11-20240709-en
General
Target: ZenStudio.exe
Size: 19.6MB
MD5: 1fae469528fcc28ec48eb939b39f8a69
SHA1: 21f3642dbc8a5b7bd60cd285490f119aacdaa1a8
SHA256: 49e2e48406ae2b43df1e04c20c2fd13b9b25d7d16eb07bfe268f471ee755208c
SHA512: 16eb03db6c71770be6b142949f1eaee6ffd5839543d781b8870455cde089db643538c3ed12c2e03da43ec1e4a71ed0454343e23915a2ead9dcb0ff09432f17c1
SSDEEP: 393216:vM13RE6vuMqY6WIm9FzFfKTIX8g2JnniEMbvJBvoFzENUZM2Ez05Ts:vM13BmS7FYniEGRliNFE8s
Malware Config
Signatures

Modifies registry class (7 IoCs)
Description | IoC | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\URL PROTOCOL | ZenStudio.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\open\command | ZenStudio.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell | ZenStudio.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\open | ZenStudio.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZenStudio.exe \"%1\"" | ZenStudio.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio | ZenStudio.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ZenStudio\ = "URL: Zen Studio Protocol" | ZenStudio.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
PID | Process
3136 | ZenStudio.exe (the same PID/process pair is reported for all 64 IoCs)

Suspicious use of AdjustPrivilegeToken (1 IoC)
Description | PID | Process
Token: SeDebugPrivilege | 3136 | ZenStudio.exe