8a4bc3c07e092cff01adc4db11e1638425ce9659d1bc5ae7f2bf892786a25d71 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Windscribe...15.exe

windows7-x64

1

Windscribe...15.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

Windscribe_2.10.15.exe
Size

24.6MB
Sample

240714-zypgjswfnf
MD5

86b2e5afec657a4524fb0807403d64fa
SHA1

47434dfda77637d58bf89e9068a200a8c57f46b1
SHA256

8a4bc3c07e092cff01adc4db11e1638425ce9659d1bc5ae7f2bf892786a25d71
SHA512

2a511bd968ba121bc2fbf8fc5885d50c6e819c221c98093f40b4fc21741b721541e30cf552eb0fe60311bf6279e252955d4cdf7d9b85bd6c4834e28eab70686a
SSDEEP

786432:AthwIlasS4HIka0h4qkcfwKL1CfkEdtgce:uO4HpMU1ge

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

Windscribe_2.10.15.exe

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Windscribe_2.10.15.exe

Resource

win10v2004-20240709-en

discovery persistence privilege_escalation

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  Windscribe_2.10.15.exe
- Size
  
  24.6MB
- MD5
  
  86b2e5afec657a4524fb0807403d64fa
- SHA1
  
  47434dfda77637d58bf89e9068a200a8c57f46b1
- SHA256
  
  8a4bc3c07e092cff01adc4db11e1638425ce9659d1bc5ae7f2bf892786a25d71
- SHA512
  
  2a511bd968ba121bc2fbf8fc5885d50c6e819c221c98093f40b4fc21741b721541e30cf552eb0fe60311bf6279e252955d4cdf7d9b85bd6c4834e28eab70686a
- SSDEEP
  
  786432:AthwIlasS4HIka0h4qkcfwKL1CfkEdtgce:uO4HpMU1ge
Score

8^/10

discovery persistence privilege_escalation
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy