General
- Target: letsview-setup.exe
- Size: 2.4MB
- Sample: 241120-xff2casbkk
- MD5: 7578d269fef4ac377832c4122c78e0bb
- SHA1: 8901f9b7df38bcb2e1bfae7baab64a0d1f6b37a8
- SHA256: 9668ad0def75c0bfccfa01a0a8b4fe3aa24a4f386f0807871edb14b979ac51bf
- SHA512: f89ed6ee3e7250a4fed1915c85ea6a58e14e6e7910a5462637ee8b9c4f61c015c4bedc337e22bab15133d1c58e6747f1ca1654bae6f195ac4174881fc5e4afaa
- SSDEEP: 49152:6+iLgXBxC4o+JMv2Dpjm0zV4LTGnZ/lD/lZyWVu8se:6+5rFDpjmEZF/
Static task: static1
Behavioral task: behavioral1 (Sample: letsview-setup.exe, Resource: win7-20241010-en)
Behavioral task: behavioral2 (Sample: letsview-setup.exe, Resource: win10v2004-20241007-en)
- Modifies firewall policy service
- Creates new service(s)
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
- Modifies file permissions
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (4)
  - Windows Service (4)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Create or Modify System Process (4)
  - Windows Service (4)
- Event Triggered Execution (2)
  - Component Object Model Hijacking (1)
  - Netsh Helper DLL (1)
Defense Evasion
- File and Directory Permissions Modification (1)
- Impair Defenses (3)
  - Disable or Modify System Firewall (2)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - SIP and Trust Provider Hijacking (1)