General
Target: RG_MagicBulletSuite2024_DownloadPirate.com.rar
Size: 345.5MB
Sample: 240620-swg65ayern
MD5: e45c92d2eb2e59f831bf397fc31359bb
SHA1: 0c6686f4a3e7b4bfef4714617f43abe55f3b5f96
SHA256: b68381bcb0c705ba6f55c673f208bc21f3543e3727227eacd2fcb16605df3b16
SHA512: cb8645d4e2c1018c0058a533d8c73e89f31cfd2877c130114ad07d8c96b01a5575b26ee924fad29c90849c08a42c3839460b02ad8c5e9ec3ce6a1af617d65c83
SSDEEP: 6291456:oIprhvDR7sWM6abl5rHtbGaoOy8t+quy1ATOULjrosJJlNd4WRyltBlt2wLrZwM6:o03gl5rNbtob8tN2iWfJLd4WRyjBjpSr
Static task: static1
Behavioral task behavioral1: RG_MagicBulletSuite2024_DownloadPirate.com.rar on resource win10-20240611-en
Behavioral task behavioral2: RG_MagicBulletSuite2024_DownloadPirate.com.rar on resource win10v2004-20240508-en
Behavioral task behavioral3: RG_MagicBulletSuite2024_DownloadPirate.com.rar on resource win11-20240508-en
Malware Config
Targets
Target: RG_MagicBulletSuite2024_DownloadPirate.com.rar (345.5MB; hashes identical to those listed under General)
Signatures
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Creates new service(s)
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Browser Extensions (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Image File Execution Options Injection (1)
Defense Evasion
- File and Directory Permissions Modification (1)
- Impair Defenses (1)
- Modify Registry (5)
- Pre-OS Boot (1)
  - Bootkit (1)