f5e0a6cc46e4f74c7ea1bffd0e75d5a6de3a2c70376c4025c01417ecbd2284e4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

webOS.Dev....US.msi

windows7-x64

6

webOS.Dev....US.msi

windows10-2004-x64

6

Resubmissions

22/07/2024, 17:44

240722-wa9k2azcrq 6

22/07/2024, 17:43

240722-wavrwaygmg 1

Sharing

General

Target

webOS.Dev.Manager_1.13.3_x64_en-US.msi
Size

12.6MB
Sample

240722-wa9k2azcrq
MD5

70fb7e81ddd19dbcdd8e1e03bcff575b
SHA1

5783fd87764a4a4b86f7b74c9c9eee591ceea18c
SHA256

f5e0a6cc46e4f74c7ea1bffd0e75d5a6de3a2c70376c4025c01417ecbd2284e4
SHA512

dc341ecfe79e88b8e07542689db8c74219ada7f513feb2cf8c7f2cf574aee42f4afeb8ba59dd1164fb3bca71041b9651f4ffacbb241a386fdd59141ba8a4259b
SSDEEP

196608:KGvCh4ABp7gi3gLZRwT9qmNkxierM1Otkfmwgf3Y3SYwi22BvzVEIR:zvC2Aj7gHZsqOk8v+wcI3S8Zz

Score

6^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

webOS.Dev.Manager_1.13.3_x64_en-US.msi

Resource

win7-20240704-en

discovery persistence privilege_escalation

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

webOS.Dev.Manager_1.13.3_x64_en-US.msi

Resource

win10v2004-20240709-en

persistence privilege_escalation

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  webOS.Dev.Manager_1.13.3_x64_en-US.msi
- Size
  
  12.6MB
- MD5
  
  70fb7e81ddd19dbcdd8e1e03bcff575b
- SHA1
  
  5783fd87764a4a4b86f7b74c9c9eee591ceea18c
- SHA256
  
  f5e0a6cc46e4f74c7ea1bffd0e75d5a6de3a2c70376c4025c01417ecbd2284e4
- SHA512
  
  dc341ecfe79e88b8e07542689db8c74219ada7f513feb2cf8c7f2cf574aee42f4afeb8ba59dd1164fb3bca71041b9651f4ffacbb241a386fdd59141ba8a4259b
- SSDEEP
  
  196608:KGvCh4ABp7gi3gLZRwT9qmNkxierM1Otkfmwgf3Y3SYwi22BvzVEIR:zvC2Aj7gHZsqOk8v+wcI3S8Zz
Score

6^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Installer Packages

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation

© 2018-2025

Terms | Privacy