Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ec4f09f82d...d3.exe

windows10-2004-x64

10

efd97b1038...ea4.js

windows10-2004-x64

3

emotet_exe...04.exe

windows10-2004-x64

10

emotet_exe...23.exe

windows10-2004-x64

10

eupdate.exe

windows10-2004-x64

7

f4f47c67be...3f.exe

windows10-2004-x64

10

fb5d110ced...9c.exe

windows10-2004-x64

6

fee15285c3...35.exe

windows10-2004-x64

10

file(1).exe

windows10-2004-x64

1

file.exe

windows10-2004-x64

7

gjMEi6eG.exe

windows10-2004-x64

10

good.exe

windows10-2004-x64

10

hyundai st...1).exe

windows10-2004-x64

10

hyundai st...10.exe

windows10-2004-x64

10

infected d...er.exe

windows10-2004-x64

10

inps_979.xls

windows10-2004-x64

1

jar.jar

windows10-2004-x64

10

june9.dll

windows10-2004-x64

10

mouse_2.exe

windows10-2004-x64

10

oof.exe

windows10-2004-x64

3

openme.exe

windows10-2004-x64

10

ou55sg33s_1.exe

windows10-2004-x64

10

senate.dll

windows10-2004-x64

10

starticon3.exe

windows10-2004-x64

10

str.dll

windows10-2004-x64

10

svchost.exe

windows10-2004-x64

10

update.exe

windows10-2004-x64

10

vir1.xlsx

windows10-2004-x64

1

wwf[1].exe

windows10-2004-x64

10

xNet.dll

windows10-2004-x64

1

전산 및...��.exe

windows10-2004-x64

10

전산 및...�1.exe

windows10-2004-x64

10

Resubmissions

01/03/2025, 18:58

250301-xmhhrayp15 10

01/03/2025, 18:55

250301-xkqrcaypx7 10

Analysis

  • max time kernel
    90s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2024, 19:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    senate.dll

  • Size

    575KB

  • MD5

    8bdb30d9f3c697d3f12aea9dd3d83a60

  • SHA1

    f89fc63457ce4914b5e41ed0b17af0a9e1ac6119

  • SHA256

    3bc843b534c96a38ab8f4b785f902f70dc8ebd48164aa0870562da285c49a9ec

  • SHA512

    bc7f688736b607baea107ea20d1e6686aed9619b7f10b81b95a74ac652c09696a83160f603c5b106498643c10c8eb60572ffbdcd23db6c12e68c15d9dec5f905

  • SSDEEP

    3072:1YkPy807G4DQRGSiZ+LwbUcsNTJiFJwjjeh2ULOgKNIfvqoaAUk/vQExVxynJf0m:FPyH7l+4sdJeJoW4gO6q2vfLxyZ

Score
10/10
zloaderspx139spx139botnetdiscoverytrojan

Malware Config

Extracted

Family

zloader

Botnet

spx139

Campaign

spx139

C2

https://xeemoquo.top/treusparq.php

https://leeephee.top/treusparq.php

https://withifceale.top/treusparq.php

https://wpsnoum.pw/treusparq.php

https://wsaexdig.pw/treusparq.php
Attributes
  • build_id

    11

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader family
    zloader
  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\senate.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\senate.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4328-2-0x0000000000CE0000-0x0000000000D09000-memory.dmp

    Filesize

    164KB

    Download

  • memory/4328-1-0x0000000000D70000-0x0000000000D9C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4328-0-0x0000000000CE0000-0x0000000000D09000-memory.dmp

    Filesize

    164KB

    Download