Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

magix-vega...ws.zip

windows11-21h2-x64

1

MAGIX Vega...t).zip

windows11-21h2-x64

1

MAGIX Vega...ck.txt

windows11-21h2-x64

3

MAGIX Vega...58.exe

windows11-21h2-x64

8

Vegas Pro ...er.jpg

windows11-21h2-x64

3

__ia_thumb.jpg

windows11-21h2-x64

3

magix-vega...orrent

windows11-21h2-x64

3

magix-vega...es.xml

windows11-21h2-x64

1

magix-vega...sqlite

windows11-21h2-x64

3

magix-vega...ta.xml

windows11-21h2-x64

1

magix-vega...ws.xml

windows11-21h2-x64

1

Resubmissions

29/08/2024, 09:25

240829-ldk2qstgph 8

29/08/2024, 09:14

240829-k7qzeawcrm 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    magix-vegas-pro-19-build-458-64bit-windows.zip

  • Size

    273.5MB

  • Sample

    240829-ldk2qstgph

  • MD5

    e1118cb97517988a4191fd0b72dfa7eb

  • SHA1

    19c1d8a82f79e5849f0e1666e62217703b4c8cc7

  • SHA256

    5a64ae79d64d12662f2910ace22873a61d28280191657698cf6bb05f46713c6f

  • SHA512

    2739a5542bb7d632609abb9ca1168e3bc713834da9083f715eb3a82a86f5b6fbce9db68cfbb03555fced167ecf7b2a612882c8031a620d55cc9b4a4f4f4fde7f

  • SSDEEP

    6291456:p5SRgz9q7rF47Tsvkoom/T2S59aPlmG6Uhqiy9JkbQDl1FZ:mRgzg7RYsMm7n9aAGomQ51FZ

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      magix-vegas-pro-19-build-458-64bit-windows.zip

    • Size

      273.5MB

    • MD5

      e1118cb97517988a4191fd0b72dfa7eb

    • SHA1

      19c1d8a82f79e5849f0e1666e62217703b4c8cc7

    • SHA256

      5a64ae79d64d12662f2910ace22873a61d28280191657698cf6bb05f46713c6f

    • SHA512

      2739a5542bb7d632609abb9ca1168e3bc713834da9083f715eb3a82a86f5b6fbce9db68cfbb03555fced167ecf7b2a612882c8031a620d55cc9b4a4f4f4fde7f

    • SSDEEP

      6291456:p5SRgz9q7rF47Tsvkoom/T2S59aPlmG6Uhqiy9JkbQDl1FZ:mRgzg7RYsMm7n9aAGomQ51FZ

    Score
    1/10
    behavioral1

    • Target

      MAGIX Vegas Pro 19.0 Build 458 RePack by KpoJIuK (64Bit).zip

    • Size

      272.4MB

    • MD5

      c20fccd8ac617aa92614dbc1349709b7

    • SHA1

      44c01a9eac81a8e161cd2f65a09daccab29ebdaf

    • SHA256

      d0abbea423adca3526072c632fb3ddf6dfa6be06dee35fb0b48368223542d0fc

    • SHA512

      e1748178263a8b30d8e0dc3934af4ddf9a84850c61a1425e15f7ad323f1bad9adf5f34579b13e9c4dc35a4050829387c7036d74f93db0ab74188fa0cd94c9707

    • SSDEEP

      6291456:a5SRgz9q7rF47Tsvkoom/T2S59aPlmG6Uhqiy9JkbQDl1FM:NRgzg7RYsMm7n9aAGomQ51FM

    Score
    1/10
    behavioral2

    • Target

      MAGIX Vegas Pro 19.0 Build 458 RePack by KpoJIuK (64Bit)/Crack.txt

    • Size

      34B

    • MD5

      b32adcecfcb4f73a73e75c0003df5cf7

    • SHA1

      f11ad4b0177498dced7e715a7bb9de9933773bbb

    • SHA256

      62dd0086a4d56d087b0d76cae11e431ff76aa4f5e84158d1b9045dd34c2d076f

    • SHA512

      6d20da29baa31aaaf070e3d0842a8f63bbde57d4200d917cdae9ad1ac7214c2422592eb905827a2615eca56acba649b3a1575e239b66409bdca07329dd0bc339

    Score
    3/10
    behavioral3

    • Target

      MAGIX Vegas Pro 19.0 Build 458 RePack by KpoJIuK (64Bit)/MAGIX.Vegas.Pro.v19.0.458.exe

    • Size

      273.1MB

    • MD5

      1bedeef92eebf22ff8877d4863896b5e

    • SHA1

      53ee359f5e5413ba9eeba280af54815998ef1726

    • SHA256

      b140c2036b2e57e71b72cdcf4cdd6df64d4b41180150b6b953db0c71fdf3f756

    • SHA512

      0525c618c345d4cccb56b6f832c1a1bda13e31f52aced903b687ae218c7c72c5b49be2d2e5c1aefcc4c1137525fc103892e9ecae9db67b0a2d60822fe94cf9de

    • SSDEEP

      6291456:gf+Vv7lueNfC3LOBF8JVfRC+oXGHrlJk4mjQsmL9sBGr3z30:LVv7ceJGOIVZaXGBJkisG7z30

    Score
    8/10
    discoveryevasionexecutionpersistenceprivilege_escalation

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral4

    • Target

      Vegas Pro 19 Cover.jpg

    • Size

      1.0MB

    • MD5

      2bf79249172441bea0dc8910cb5b9e1f

    • SHA1

      c4ac77a4076947a7e58dae1645e565995a48a6c7

    • SHA256

      e4170064e5791c1802cfff69d9c26a8428331d56bd9cf5204c7a54885987eb86

    • SHA512

      0f2077f1604abe7429cddf1f3a169c11c7aa9473bef28e71477dddf1a2f7620524f640c8c09cd4d9c457cf831773dc813023f1ed6049d500fd941d3a0df0def0

    • SSDEEP

      24576:BvDFf0YzuqdnveW38TfxmbkhGyiquG0Fk+84sRQ+yNsbsdfXjLE/72CrG:55oqFmW36f8VyRuoc5Ns4dfTLE/7BG

    Score
    3/10
    behavioral5

    • Target

      __ia_thumb.jpg

    • Size

      13KB

    • MD5

      3600b47bfab6b80d7a1a29ee186949e0

    • SHA1

      5ea2243e82b52f11dacad8b3fe82974e9218a78f

    • SHA256

      9ea91abfe89c225e313f26361b1d062ef7d09b872b66fe8a18284065d3730e39

    • SHA512

      5b69303a9faa469397b259c7076c9733524a7a29fdcfc66b61838fdb40d0eef03ac868e923f27393518339009242c85f1cefb8a7df3546df89da338fea4ddb08

    • SSDEEP

      384:WSvBgeMH+/3eyw4j5jr5d26x6TzDwjAadJtcxyIUXUXI:WS+7H2Oda5k6ITzQd+BXI

    Score
    3/10
    behavioral6

    • Target

      magix-vegas-pro-19-build-458-64bit-windows_archive.torrent

    • Size

      13KB

    • MD5

      650a99063fc8fafa2529a99a69a1cd7c

    • SHA1

      ce829663ac0528f0258e329bc2e71ef154ccee6a

    • SHA256

      cc4e954fa5c1eeb67232db892ba6191aad2e74b477ac65b8af4a8522add65874

    • SHA512

      23ef5634a3f0c41aadcbf1c4736f9db6c59e67dabf90cc49bea533c4c036132f45d9bd07f4f9bf788a3d374a7758859412dcdafb54b411fd51506b4e00aea54f

    • SSDEEP

      192:gQQhjhHFafCPN3zzgS/tyfsMwJyM9tJoJFcHkMVsLOiEUn7MwAIzJQAE5Py9bH8Q:gzNlCCFjzgMxEMGFcHkFtrpnoPGcQ

    Score
    3/10
    behavioral7

    • Target

      magix-vegas-pro-19-build-458-64bit-windows_files.xml

    • Size

      2KB

    • MD5

      c0c5ff364b569486af6b5901dc4f0dee

    • SHA1

      f876b0b0e7ac1f7eef2bf1de25717de285d62283

    • SHA256

      3d73bb53201e36885a2da1ac55aadbe3ddbef5b32b55bf289528f4c5bc8baec4

    • SHA512

      966002282d528352d809d849e9edcf1883a64059101aec232f16c2d31bf0b5033c42a67922f68d418ac0b0a1913e605d6b85e8abd8bafb644f4ce847fbaadabc

    Score
    1/10
    behavioral8

    • Target

      magix-vegas-pro-19-build-458-64bit-windows_meta.sqlite

    • Size

      28KB

    • MD5

      6772afa1a102c6683c4113f8d8ff9171

    • SHA1

      1f07c290ee0078574455b6c287dc55983de7e877

    • SHA256

      16a477335ea56d52022a2b36e3c31c7eb3846b753d609ab0d066624db623cc80

    • SHA512

      56f5950610dc1a3e5883c2c7b9511dadd38aa578faf08c4aabdfd329344b8f000c8605a206e2ba622e7fdf2675086163fc48d9ee0118ec9cac11d8a600896602

    • SSDEEP

      96:5f+dlYzumbqdUqABItH/8i9czumbqdUqABItHth:ywygItzQygItL

    Score
    3/10
    behavioral9

    • Target

      magix-vegas-pro-19-build-458-64bit-windows_meta.xml

    • Size

      1KB

    • MD5

      5fcf18b972a3931fa4571c5433cec4c9

    • SHA1

      25ccb93e74dc2be497e4bbc16a3b346013142640

    • SHA256

      698aed74d402b5452f052ed8e79361c009deb3885ab94efb92c56a781e0219a3

    • SHA512

      a76e43ef7b69f85a881dd9f218ba7437e0e2a3f1e1b3142704c2db3d6039c3747acdc9206d1ee3cd0628e1433c8270162c8181436a21d9eb8f1b777a23714605

    Score
    1/10
    behavioral10

    • Target

      magix-vegas-pro-19-build-458-64bit-windows_reviews.xml

    • Size

      949B

    • MD5

      4874a5bc902f95d4c0c11bfd478f572a

    • SHA1

      3fbf127aee93a907c4971429502239e8d395a68a

    • SHA256

      51540290f2142247abdb03e06d1160217e5f7296df3bbf069e785727bf456cc4

    • SHA512

      6591a16133675c6eb0c80dca3988eee1805f6cab40526b525ce6cf96d3486170fda2a61bca0ecc2358301dc6943b04ecd960a5e78a71860ed510e3cd4cdb6b53

    Score
    1/10
    behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks