Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
02/10/2024, 08:08
Static task
static1
Behavioral task
behavioral1
Sample
Zikenzie Public/_.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Zikenzie Public/_.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Zikenzie Public/zikenzie.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Zikenzie Public/zikenzie.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Zikenzie Public/zikenzies.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Zikenzie Public/zikenzies.exe
Resource
win10v2004-20240802-en
General
-
Target
Zikenzie Public/zikenzies.exe
-
Size
841KB
-
MD5
9cec6fd7d45321be944bbd9cc24cc9aa
-
SHA1
c18d99d96922a72b0c369e5a1485b6bbc579fb51
-
SHA256
02967ca2aa8fddf23a668018bee0c41e2d49968baa80d4b183f4ffde2d58c84b
-
SHA512
72fc1fd41ae1a96064a04122a7921582f35df5bb168750db16d17a7dd6bb723815b9a134f809e19b6c01f9696b0705caf79b108936257b3d564cb60b55f770a9
-
SSDEEP
24576:iRmJkcoQricOIQxiZY1iaXtGPKMGRuxjk:3JZoQrbTFZY1ia9rwxI
Malware Config
Signatures
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc
4 checkip.dyndns.org
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language zikenzies.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
2100 zikenzies.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process
2100 zikenzies.exe
Suspicious use of SendNotifyMessage 64 IoCs
pid Process
2100 zikenzies.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Zikenzie Public\zikenzies.exe
"C:\Users\Admin\AppData\Local\Temp\Zikenzie Public\zikenzies.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2100