Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Avira Phantom VPN Pro 2.44.1.19908.exe
-
Size
5.2MB
-
Sample
240712-2lh54swckd
-
MD5
0fe5732c15e8150c8f107a0e73db4e45
-
SHA1
a3b4e14d09b82d365dbf52480854e399b2672f34
-
SHA256
940ec4012984218f6e314d793c995b3cb3c3366aabba0308fece77fe2ed7abb7
-
SHA512
2cedc194be8ec37a7d035bcf4af42ea74a6a51fa220ea2d9edc406ae5a7b4dea022f1287c09a22f59a552e23a20730821184434cee2879371db0a78897d0e292
-
SSDEEP
98304:w0FHAF/aUuvI2peNyoiOC+uWiOqXL6cY9J54jqrZwY8v:xFHAFdCpwy+PeOZ9J5v2YQ
Static task
static1
Behavioral task
behavioral1
Sample
Avira Phantom VPN Pro 2.44.1.19908.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Avira Phantom VPN Pro 2.44.1.19908.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
Avira Phantom VPN Pro 2.44.1.19908.exe
-
Size
5.2MB
-
MD5
0fe5732c15e8150c8f107a0e73db4e45
-
SHA1
a3b4e14d09b82d365dbf52480854e399b2672f34
-
SHA256
940ec4012984218f6e314d793c995b3cb3c3366aabba0308fece77fe2ed7abb7
-
SHA512
2cedc194be8ec37a7d035bcf4af42ea74a6a51fa220ea2d9edc406ae5a7b4dea022f1287c09a22f59a552e23a20730821184434cee2879371db0a78897d0e292
-
SSDEEP
98304:w0FHAF/aUuvI2peNyoiOC+uWiOqXL6cY9J54jqrZwY8v:xFHAFdCpwy+PeOZ9J5v2YQ
-
Creates new service(s)
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
3Windows Service
3Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Modify Registry
1Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1