General
- Target: video_editor_x64.exe
- Size: 114.7MB
- Sample: 241013-ysk2hawbjc
- MD5: c933e930d461ca97651075a73644b9e3
- SHA1: 4ed6356f544699d058a122ecc5148f046a1af7ec
- SHA256: 4f7bf5eec173898d67e693ae48351e6ca813a1478cea7bbf3359d96b90c37bb7
- SHA512: 1bebf5ab403ea6d512f2205470c87b5acd99b75766a6a156d6262bce17a51053594a963aea2b8cde98201e04d6e65326046fe52b6b5979f3400d2b25d037e5a9
- SSDEEP: 3145728:XeaxX/m4b1kHiDCEXsRXQKVpGLPL4/0+VZ5:Xeax7b4iDCE8JQ0oLatV
Static task: static1
Behavioral task: behavioral1
- Sample: video_editor_x64.exe
- Resource: win10-20240404-en
Malware Config
Targets
- Target: video_editor_x64.exe
- Size: 114.7MB
- MD5: c933e930d461ca97651075a73644b9e3
- SHA1: 4ed6356f544699d058a122ecc5148f046a1af7ec
- SHA256: 4f7bf5eec173898d67e693ae48351e6ca813a1478cea7bbf3359d96b90c37bb7
- SHA512: 1bebf5ab403ea6d512f2205470c87b5acd99b75766a6a156d6262bce17a51053594a963aea2b8cde98201e04d6e65326046fe52b6b5979f3400d2b25d037e5a9
- SSDEEP: 3145728:XeaxX/m4b1kHiDCEXsRXQKVpGLPL4/0+VZ5:Xeax7b4iDCE8JQ0oLatV
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (1)