General
-
Target
LegendOnline.MSVC_20230822_x64.exe
-
Size
28.5MB
-
Sample
240810-abjkcazerh
-
MD5
50342e2339f687332612b275e4f8f438
-
SHA1
88817c6284b7e7173a28c6f84a64d9eb5cc47b97
-
SHA256
3fdbf77c9b3a76e16719e3e4fce9f7f966dd7e59e0c2750d6144063e993a53b7
-
SHA512
f94730daf48c99dc95bbbd82ad80e65d70e8f9e435ad0824a3a248f9c532bb7532a2ac52e35b34f4cdac1774f906c9869d43867bea0ef5fb931cd877812246ad
-
SSDEEP
393216:etD/KubWwmVzHnGBpCNP2WySTp1ABDw0MgFvicF5M064qraCYZp1DXhfbJf4kw7t:2DSAPEbEUXGTFqcj3Rmybh4kw6DEL
Static task
static1
Behavioral task
behavioral1
Sample
LegendOnline.MSVC_20230822_x64.exe
Resource
win11-20240802-en
Malware Config
Targets
Target
LegendOnline.MSVC_20230822_x64.exe
Score
7/10
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Component Object Model Hijacking (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Component Object Model Hijacking (1)