Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

ZoraraVVVER2.8.zip

windows11-21h2-x64

1

ZoraraUI.deps.json

windows11-21h2-x64

3

ZoraraUI.r...g.json

windows11-21h2-x64

3

bin/Monaco...in.css

windows11-21h2-x64

3

settings.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...et.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/..._1.txt

windows11-21h2-x64

3

workspace/..._2.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...tefile

windows11-21h2-x64

1

workspace/...le.txt

windows11-21h2-x64

3

workspace/...29.txt

windows11-21h2-x64

3

workspace/...22.lua

windows11-21h2-x64

3

workspace/...ed.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...le.txt

windows11-21h2-x64

3

workspace/...es.txt

windows11-21h2-x64

3

workspace/...t.json

windows11-21h2-x64

3

workspace/...em.png

windows11-21h2-x64

3

workspace/...n1.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

workspace/...nd.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

workspace/...st.png

windows11-21h2-x64

3

workspace/...r1.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

workspace/...on.png

windows11-21h2-x64

3

xxhash.dll

windows11-21h2-x64

1

zstd.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/09/2024, 03:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/Monaco/vs/editor/editor.main.css

  • Size

    294KB

  • MD5

    23c7db6e12f6454ef6e7fb98d17924d8

  • SHA1

    06398b44a338db5eeab2d461347334fc69af5af1

  • SHA256

    615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451

  • SHA512

    5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924

  • SSDEEP

    6144:TzsUTrsZ7KcNkuwcv2As0aMY/Y/RR9MtpWKco:TzsUTrsZXkW4/50i

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\bin\Monaco\vs\editor\editor.main.css
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\bin\Monaco\vs\editor\editor.main.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads