91ac9006075b4ba38f4861c8167a2f813d827ad64d989aea6adbbf21d5052068 | Triage

Submit
Reports

Overview

overview

8

Static

static

TRENDnetVi....1.exe

windows7-x64

7

TRENDnetVi....1.exe

windows10-2004-x64

8

Sharing

General

Target

TRENDnetView_EVO__x64_1.17.1.exe
Size

515.8MB
Sample

221128-ddr62saa58
MD5

3dcb1f91294980fe3dff208e231f32d4
SHA1

0deccdd466b9e4b814dff35a5375ff0ba20e2aa9
SHA256

91ac9006075b4ba38f4861c8167a2f813d827ad64d989aea6adbbf21d5052068
SHA512

2a614744cad56de54dbf47ae1c138ca863b23ea5d057f3491a637ffd2ce263bf3f7354642a0ba97ed15cc81cef359b76bf6f3f78ed47e81c8d544ca466e136be
SSDEEP

12582912:Gr7kawmBOpRwr7KGYjlnKyphtOgGZuJtnZk64ajxzfppB:DIBqRFGe9hMTZu7z44zfpb

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

TRENDnetView_EVO__x64_1.17.1.exe

Resource

win7-20220812-en

windows7-x64

6 signatures

300 seconds

Behavioral task

behavioral2

Sample

TRENDnetView_EVO__x64_1.17.1.exe

Resource

win10v2004-20221111-en

discovery persistence

windows10-2004-x64

22 signatures

300 seconds

Malware Config

Targets

- Target
  
  TRENDnetView_EVO__x64_1.17.1.exe
- Size
  
  515.8MB
- MD5
  
  3dcb1f91294980fe3dff208e231f32d4
- SHA1
  
  0deccdd466b9e4b814dff35a5375ff0ba20e2aa9
- SHA256
  
  91ac9006075b4ba38f4861c8167a2f813d827ad64d989aea6adbbf21d5052068
- SHA512
  
  2a614744cad56de54dbf47ae1c138ca863b23ea5d057f3491a637ffd2ce263bf3f7354642a0ba97ed15cc81cef359b76bf6f3f78ed47e81c8d544ca466e136be
- SSDEEP
  
  12582912:Gr7kawmBOpRwr7KGYjlnKyphtOgGZuJtnZk64ajxzfppB:DIBqRFGe9hMTZu7z44zfpb
Score

8^/10

discovery persistence
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy