Analysis
max time kernel: 167s
max time network: 199s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/11/2023, 23:40
Static task: static1
Behavioral task: behavioral1
  Sample: MAGIX.Vegas.Pro.v16.0.307.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: MAGIX.Vegas.Pro.v16.0.307.exe
  Resource: win10v2004-20231023-en
General
Target: MAGIX.Vegas.Pro.v16.0.307.exe
Size: 176.2MB
MD5: 960c561779bf473de4ca03e7d7b1bf7e
SHA1: 93bbb1078ec75f1c49fb5020948cc955a4ae65d1
SHA256: 17f33fc2948678135831c58f5179572c04537f61f96ae0a6f4858c2264f288ae
SHA512: 3f4d2ddfc869c26d8e5ba8ec8ba5524ee6e38ed95c7a2b61779758e446fa95df011b16efd1526b6e9f6d61fe144fad3d9d3a812fd1020f6d9abe529eaed4f8a7
SSDEEP: 3145728:uI97T0J38xFNuZ3s/9gEbuDjYFoGR9MYcJlXmpT5WWBrlOL0JPJjnyh:nAJRZ8/CYM3lXm/RBZA4Jj0
Malware Config
Signatures
ACProtect 1.3x - 1.4x DLL software (3 IoCs)
Detects file using ACProtect software.
resource | yara_rule
behavioral2/files/0x0006000000022e29-37.dat | acprotect
behavioral2/memory/2524-39-0x0000000074110000-0x0000000074119000-memory.dmp | acprotect
behavioral2/memory/2524-48-0x0000000074110000-0x0000000074119000-memory.dmp | acprotect

Loads dropped DLL (6 IoCs)
pid | Process
2524 | MAGIX.Vegas.Pro.v16.0.307.exe (6 identical entries)

resource | yara_rule
behavioral2/files/0x0006000000022e29-37.dat | upx
behavioral2/memory/2524-39-0x0000000074110000-0x0000000074119000-memory.dmp | upx
behavioral2/memory/2524-48-0x0000000074110000-0x0000000074119000-memory.dmp | upx

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | taskmgr.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid | Process
3452 | taskmgr.exe (64 identical entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
3452 | taskmgr.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 3452 | taskmgr.exe
Token: SeSystemProfilePrivilege | 3452 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 3452 | taskmgr.exe
Token: SeSecurityPrivilege | 2524 | MAGIX.Vegas.Pro.v16.0.307.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
pid | Process
3452 | taskmgr.exe (64 identical entries)

Suspicious use of SendNotifyMessage (64 IoCs)
pid | Process
3452 | taskmgr.exe (64 identical entries)
Processes
C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 3452
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.Pro.v16.0.307.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.Pro.v16.0.307.exe"
  PID: 2524
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\MVP16\Program Files\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_esp.chm
  Filesize: 11KB
  MD5: 174a41bafb43045e170b4419c3f518cb
  SHA1: 69150c318384d2109b286f5c195abee5212a7830
  SHA256: b3fa12b21aa606ad6b8fe57141a081c675acf9ff078349859eb7eaf20cea7792
  SHA512: e3f1db1bcd21c2aadf0fc805ab63223a296e77d076b72d32764f154c15cd67744b5194be096d8701199ea0b12ccf8edd1e72b358cc93538297227a8c4a560acb