585af37e89555cdf0398a491a67f0c501f97c1d9f1ca47569f134b2a4aa6f614 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

ScreenConn...up.exe

windows7-x64

8

ScreenConn...up.exe

windows10-2004-x64

8

ScreenConn...up.exe

windows11-21h2-x64

8

Sharing

General

Target

ScreenConnect.ClientSetup.exe
Size

5.2MB
Sample

240514-xxgn7scd95
MD5

5100c35ddc2ca0709857fa1b93e2fd6d
SHA1

d71cbdb3e8729cc071f20b86f3cdc534da93a880
SHA256

585af37e89555cdf0398a491a67f0c501f97c1d9f1ca47569f134b2a4aa6f614
SHA512

a50e2211e83d920e08e2c5030e2ff35e90905a7039b513a0ddd26b8eb8b19de0da5ee0c71da159c78ca082b4758926726257b8d5ce6fc505e4e6ef79d59d3202
SSDEEP

98304:3ps6efPfBOPvLtabi4X0MV+dYdcGt7VIb4:ZfefPJws3V+a

Score

8^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

ScreenConnect.ClientSetup.exe

Resource

win7-20240419-en

windows7-x64

20 signatures

1200 seconds

Behavioral task

behavioral2

Sample

ScreenConnect.ClientSetup.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

21 signatures

1200 seconds

Behavioral task

behavioral3

Sample

ScreenConnect.ClientSetup.exe

Resource

win11-20240508-en

windows11-21h2-x64

20 signatures

1200 seconds

Malware Config

Targets

- Target
  
  ScreenConnect.ClientSetup.exe
- Size
  
  5.2MB
- MD5
  
  5100c35ddc2ca0709857fa1b93e2fd6d
- SHA1
  
  d71cbdb3e8729cc071f20b86f3cdc534da93a880
- SHA256
  
  585af37e89555cdf0398a491a67f0c501f97c1d9f1ca47569f134b2a4aa6f614
- SHA512
  
  a50e2211e83d920e08e2c5030e2ff35e90905a7039b513a0ddd26b8eb8b19de0da5ee0c71da159c78ca082b4758926726257b8d5ce6fc505e4e6ef79d59d3202
- SSDEEP
  
  98304:3ps6efPfBOPvLtabi4X0MV+dYdcGt7VIb4:ZfefPJws3V+a
Score

8^/10

persistence
- Sets service image path in registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2025

Terms | Privacy