General
Target: webOS.Dev.Manager_1.13.3_x64_en-US.msi
Size: 12.6MB
Sample: 240722-wa9k2azcrq
MD5: 70fb7e81ddd19dbcdd8e1e03bcff575b
SHA1: 5783fd87764a4a4b86f7b74c9c9eee591ceea18c
SHA256: f5e0a6cc46e4f74c7ea1bffd0e75d5a6de3a2c70376c4025c01417ecbd2284e4
SHA512: dc341ecfe79e88b8e07542689db8c74219ada7f513feb2cf8c7f2cf574aee42f4afeb8ba59dd1164fb3bca71041b9651f4ffacbb241a386fdd59141ba8a4259b
SSDEEP: 196608:KGvCh4ABp7gi3gLZRwT9qmNkxierM1Otkfmwgf3Y3SYwi22BvzVEIR:zvC2Aj7gHZsqOk8v+wcI3S8Zz
Static task: static1
Behavioral task behavioral1: sample webOS.Dev.Manager_1.13.3_x64_en-US.msi, resource (sandbox image) win7-20240704-en
Behavioral task behavioral2: sample webOS.Dev.Manager_1.13.3_x64_en-US.msi, resource (sandbox image) win10v2004-20240709-en
Malware Config
Targets
Target: webOS.Dev.Manager_1.13.3_x64_en-US.msi (12.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 6/10
Signatures:
- Downloads MZ/PE file
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection (ATT&CK T1546.012)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking (ATT&CK T1546.015): adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (3)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Installer Packages (1)
Privilege Escalation
  Event Triggered Execution (3)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Installer Packages (1)
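The IFEO and COM hijacking signatures above are also triggered by ordinary MSI installers (which register COM classes and write under System32), so they describe observed capabilities, not a verdict. The following PowerShell is an added example, not code from tria.ge or from the webOS Dev Manager project, for confirming what the installer actually left behind on the analysis VM: it verifies the sample against the SHA256 in this report and its Authenticode status, lists any IFEO "Debugger" redirections, and lists per-user CLSID server registrations that would shadow the machine-wide entry. The sample path is an assumption; the registry locations are the standard ones for these techniques.

```powershell
# Added triage script (example, not part of the report). Run as an
# administrator on the sandbox VM after the MSI has been installed and
# compare the output with a clean snapshot of the same image.

# Assumed location of the sample on the analysis VM.
$Sample = 'C:\samples\webOS.Dev.Manager_1.13.3_x64_en-US.msi'
$ExpectedSha256 = 'f5e0a6cc46e4f74c7ea1bffd0e75d5a6de3a2c70376c4025c01417ecbd2284e4'

# 1. Confirm we are looking at the same file the report describes, and
#    whether it carries a valid Authenticode signature.
$hash = (Get-FileHash -Path $Sample -Algorithm SHA256).Hash.ToLower()
[pscustomobject]@{
    Check  = 'SampleHash'
    Match  = ($hash -eq $ExpectedSha256)
    Signer = (Get-AuthenticodeSignature -FilePath $Sample).Status
}

# 2. IFEO injection (T1546.012): any subkey carrying a "Debugger" value makes
#    Windows launch that path instead of the named executable.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{ Check = 'IFEO'; Key = $_.PSChildName; Debugger = $dbg }
    }
}

# 3. COM hijacking (T1546.015): HKCU\Software\Classes is merged ahead of HKLM,
#    so a per-user InprocServer32/LocalServer32 overrides the system-wide one.
$userClsid = 'HKCU:\Software\Classes\CLSID'
if (Test-Path -Path $userClsid) {
    Get-ChildItem -Path $userClsid | ForEach-Object {
        foreach ($srv in 'InprocServer32', 'LocalServer32') {
            $key = Join-Path -Path $_.PSPath -ChildPath $srv
            if (Test-Path -Path $key) {
                $path    = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
                $machine = "HKLM:\SOFTWARE\Classes\CLSID\$($_.PSChildName)\$srv"
                [pscustomobject]@{
                    Check       = 'COM'
                    CLSID       = $_.PSChildName
                    Server      = $srv
                    Path        = $path
                    ShadowsHKLM = (Test-Path -Path $machine)   # true = real hijack candidate
                }
            }
        }
    }
}
```

A COM entry with ShadowsHKLM set to true, or any IFEO Debugger value pointing into the installer's own directory, is what turns these generic signatures into something worth a closer look; entries absent from the clean snapshot but not shadowing anything are usually just the product's own class registrations.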