Overview

overview

8

Static

static

3

MAGIX Vega...58.exe

windows10-2004-x64

8

Resubmissions

29/08/2024, 09:25 UTC

240829-ldk2qstgph 8

29/08/2024, 09:14 UTC

240829-k7qzeawcrm 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    magix-vegas-pro-19-build-458-64bit-windows.zip

  • Size

    273.5MB

  • Sample

    240829-k7qzeawcrm

  • MD5

    e1118cb97517988a4191fd0b72dfa7eb

  • SHA1

    19c1d8a82f79e5849f0e1666e62217703b4c8cc7

  • SHA256

    5a64ae79d64d12662f2910ace22873a61d28280191657698cf6bb05f46713c6f

  • SHA512

    2739a5542bb7d632609abb9ca1168e3bc713834da9083f715eb3a82a86f5b6fbce9db68cfbb03555fced167ecf7b2a612882c8031a620d55cc9b4a4f4f4fde7f

  • SSDEEP

    6291456:p5SRgz9q7rF47Tsvkoom/T2S59aPlmG6Uhqiy9JkbQDl1FZ:mRgzg7RYsMm7n9aAGomQ51FZ

Score
8/10
discoveryevasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      MAGIX Vegas Pro 19.0 Build 458 RePack by KpoJIuK (64Bit)/MAGIX.Vegas.Pro.v19.0.458.exe

    • Size

      273.1MB

    • MD5

      1bedeef92eebf22ff8877d4863896b5e

    • SHA1

      53ee359f5e5413ba9eeba280af54815998ef1726

    • SHA256

      b140c2036b2e57e71b72cdcf4cdd6df64d4b41180150b6b953db0c71fdf3f756

    • SHA512

      0525c618c345d4cccb56b6f832c1a1bda13e31f52aced903b687ae218c7c72c5b49be2d2e5c1aefcc4c1137525fc103892e9ecae9db67b0a2d60822fe94cf9de

    • SSDEEP

      6291456:gf+Vv7lueNfC3LOBF8JVfRC+oXGHrlJk4mjQsmL9sBGr3z30:LVv7ceJGOIVZaXGBJkisG7z30

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalation

    • Modifies Windows Firewall

      evasion

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

2
T1120

Query Registry

5
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.