General
Target: TRENDnetView_EVO__x64_1.17.1.exe
Size: 515.8MB
Sample: 221128-ddr62saa58
MD5: 3dcb1f91294980fe3dff208e231f32d4
SHA1: 0deccdd466b9e4b814dff35a5375ff0ba20e2aa9
SHA256: 91ac9006075b4ba38f4861c8167a2f813d827ad64d989aea6adbbf21d5052068
SHA512: 2a614744cad56de54dbf47ae1c138ca863b23ea5d057f3491a637ffd2ce263bf3f7354642a0ba97ed15cc81cef359b76bf6f3f78ed47e81c8d544ca466e136be
SSDEEP: 12582912:Gr7kawmBOpRwr7KGYjlnKyphtOgGZuJtnZk64ajxzfppB:DIBqRFGe9hMTZu7z44zfpb
Static task: static1
Behavioral task: behavioral1
Sample: TRENDnetView_EVO__x64_1.17.1.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: TRENDnetView_EVO__x64_1.17.1.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 8/10
Executes dropped EXE
Registers COM server for autorun
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory