General
- Target: magix-vegas-pro-19-build-458-64bit-windows.zip
- Size: 273.5MB
- Sample: 240829-k7qzeawcrm
- MD5: e1118cb97517988a4191fd0b72dfa7eb
- SHA1: 19c1d8a82f79e5849f0e1666e62217703b4c8cc7
- SHA256: 5a64ae79d64d12662f2910ace22873a61d28280191657698cf6bb05f46713c6f
- SHA512: 2739a5542bb7d632609abb9ca1168e3bc713834da9083f715eb3a82a86f5b6fbce9db68cfbb03555fced167ecf7b2a612882c8031a620d55cc9b4a4f4f4fde7f
- SSDEEP: 6291456:p5SRgz9q7rF47Tsvkoom/T2S59aPlmG6Uhqiy9JkbQDl1FZ:mRgzg7RYsMm7n9aAGomQ51FZ
Static task: static1
Behavioral task: behavioral1
- Sample: MAGIX Vegas Pro 19.0 Build 458 RePack by KpoJIuK (64Bit)/MAGIX.Vegas.Pro.v19.0.458.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: MAGIX Vegas Pro 19.0 Build 458 RePack by KpoJIuK (64Bit)/MAGIX.Vegas.Pro.v19.0.458.exe
- Size: 273.1MB
- MD5: 1bedeef92eebf22ff8877d4863896b5e
- SHA1: 53ee359f5e5413ba9eeba280af54815998ef1726
- SHA256: b140c2036b2e57e71b72cdcf4cdd6df64d4b41180150b6b953db0c71fdf3f756
- SHA512: 0525c618c345d4cccb56b6f832c1a1bda13e31f52aced903b687ae218c7c72c5b49be2d2e5c1aefcc4c1137525fc103892e9ecae9db67b0a2d60822fe94cf9de
- SSDEEP: 6291456:gf+Vv7lueNfC3LOBF8JVfRC+oXGHrlJk4mjQsmL9sBGr3z30:LVv7ceJGOIVZaXGBJkisG7z30
Signatures
- Modifies Windows Firewall
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)