Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Setup_zx2010.exe

windows7-x64

7

Setup_zx2010.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2024, 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_zx2010.exe

  • Size

    4.1MB

  • MD5

    383f2b97a532ef3a832e26ae3b892f13

  • SHA1

    bc4c1259502d1e00a94a47c657376d4786035ff9

  • SHA256

    c0db9820f687dc05eb44e5a0a3d2567a04bff3c7b926153c901e1c96d9b4fadf

  • SHA512

    c8387712d9f1699ee4a54687c7ae1f745025b31407cc7a75e7ca0dc3ca738a22274d42b5e88ed302552ae76038e3c4ba87aa2073043edf1dcbcfc1b5907c40ea

  • SSDEEP

    98304:1Z95cWADVE1DreFzdSXJ4HG6H5MU/BeJ2eM:1+WAZENmSXiGSVBAbM

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_zx2010.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_zx2010.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf7_temp_0\irsetup.exe
      __IRAOFF:516620 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\Setup_zx2010.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:4756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf7_temp_0\IRIMG2.BMP
    Filesize

    156KB

    MD5

    1da314d205557209e3730960230917e4

    SHA1

    a3b37556db8cf3696a213c3d283ccaa62f2c1e97

    SHA256

    d0ebce541c397cd5e98223e3e6e02f8ba788e24cf9d16b2fa3571e7965c51cca

    SHA512

    df3b4a27732d6a89f29a47b4bc00bba0307c66113eb3ea1d09ab8b715c468518071a6f00030cf1eb708d9452e229f222752abfadfba74d843bf68af83fde279c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf7_temp_0\irsetup.exe
    Filesize

    440KB

    MD5

    75ca7ff96bf5a316c3af2de6a412bd54

    SHA1

    0a093950790ff0dddff6f5f29c6b02c10997e0c5

    SHA256

    d95b5bf9ca97c1900de5357743282bab655d61d616606485088e1708559b7cf1

    SHA512

    b8da86f2f1e908955254e5168d0447f479cec7815a8b081a7b38eb87187cb2eb992109c67e006361b96bc1529ee8abc9dc477d78e9ca565e43f5415b492771d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf7_temp_0\setup_zx.ico
    Filesize

    18KB

    MD5

    3a80be8d848c67b23a6600e5131933f2

    SHA1

    f65bea734a4e2539af11989f8f8fa8a452a99f3e

    SHA256

    5f93120ad2532c01c1d03803665cf70a7a9286c6e17e0f93f91e222d75809473

    SHA512

    d057398721305c83a30664e8fab25eb8d6740c5ff17e9b1bb3935bfb6d4eb0754d3e402a4a75269a84e925c2ece21d559a8f4d6a398e9edc1158f1181bd5e8c6

    Download Submit

  • memory/4756-4-0x0000000000400000-0x0000000000527000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4756-20-0x0000000000400000-0x0000000000527000-memory.dmp

    Filesize

    1.2MB

    Download