General

  • Target

    ScreenConnect.ClientSetup.exe

  • Size

    5.2MB

  • Sample

    240514-xxgn7scd95

  • MD5

    5100c35ddc2ca0709857fa1b93e2fd6d

  • SHA1

    d71cbdb3e8729cc071f20b86f3cdc534da93a880

  • SHA256

    585af37e89555cdf0398a491a67f0c501f97c1d9f1ca47569f134b2a4aa6f614

  • SHA512

    a50e2211e83d920e08e2c5030e2ff35e90905a7039b513a0ddd26b8eb8b19de0da5ee0c71da159c78ca082b4758926726257b8d5ce6fc505e4e6ef79d59d3202

  • SSDEEP

    98304:3ps6efPfBOPvLtabi4X0MV+dYdcGt7VIb4:ZfefPJws3V+a

Score
8/10

Targets

    • Target

      ScreenConnect.ClientSetup.exe

    • Sets service image path in registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory
