General

  • Target

    wireguard-installer.exe

  • Size

    85KB

  • Sample

    230917-ygxwxsfa85

  • MD5

    1cf9257c07936d7fbf508dc113e9b6d5

  • SHA1

    324f8a1f0779fe42baabc544bc7f6814a3d150ca

  • SHA256

    eeee2b0a6ad1c7e4614fed4dfbe58b63776f6a3a6758267b5a976b4dc4315f48

  • SHA512

    081fa75e73138fb403aa01cb09f3051b7ee6954ab0a15366016cabe873d7a64f8374c85d9bcdf068fa019930419c818d102063983a5547ae5107773fe25e5c12

  • SSDEEP

    1536:+UD86+VKgtoNMJiYkiW2yF4q/4i98+ayxpF0Kxn+7ygK/fM:RwlJnsiJyrQi98+ay+KqK/k

Targets

    • Target

      wireguard-installer.exe

    • Creates a large number of network flows

      Many distinct destinations contacted in a short period. This may indicate a network scan to discover services running on other hosts.

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Patched UPX-packed file

      The sample is packed with UPX, but header fields that the stock UPX tool needs have been zeroed out, so `upx -d` refuses to unpack it. The embedded decompression stub still runs, so the binary unpacks itself in memory at execution time.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS resolvers was detected.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root directory of drives other than the default C: drive.

    • Drops file in System32 directory
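
The two network signatures above ("Creates a large number of network flows" and "Unexpected DNS network traffic destination") as detection logic run over flow records. This is an added example, not Triage's own rule code: the flow records, the resolver address 10.0.0.2 and the thresholds are constructed for the example, and the signature names are only used as labels.

```python
"""Flow-based checks for the scan and DNS-destination signatures.

Added example, not Triage's rule code. All flow records, the configured
resolver and the thresholds below are constructed for illustration.
"""
from collections import Counter, defaultdict, deque, namedtuple

Flow = namedtuple("Flow", "ts src dst dst_port proto")

# Assumed: the resolver the sandbox network hands out to the guest.
CONFIGURED_DNS = {"10.0.0.2"}

# Constructed flows: host 10.0.0.5 sweeps 60 neighbours on TCP/445 within
# about three seconds and also sends port-53 traffic to two non-resolver
# addresses; 10.0.0.7 is a quiet host for contrast.
FLOWS = (
    [Flow(1.0 + i * 0.05, "10.0.0.5", f"10.0.1.{i + 1}", 445, "tcp") for i in range(60)]
    + [
        Flow(0.5, "10.0.0.5", "10.0.0.2", 53, "udp"),      # normal lookup
        Flow(0.6, "10.0.0.5", "8.8.8.8", 53, "udp"),       # bypasses the configured resolver
        Flow(4.2, "10.0.0.5", "203.0.113.9", 53, "udp"),   # port 53 to an arbitrary host
        Flow(2.0, "10.0.0.7", "10.0.0.2", 53, "udp"),
        Flow(2.1, "10.0.0.7", "198.51.100.20", 443, "tcp"),
        Flow(9.0, "10.0.0.7", "198.51.100.21", 443, "tcp"),
    ]
)


def scan_suspects(flows, window_s=10.0, min_targets=20):
    """Per source host, find the peak number of distinct (dst, port) pairs seen
    inside any window_s-second window; return {src: peak} for hosts at or
    above min_targets."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src].append(f)
    suspects = {}
    for src, fl in by_src.items():
        window = deque()
        live = Counter()  # (dst, port) -> number of flows still inside the window
        peak = 0
        for f in fl:
            window.append(f)
            live[(f.dst, f.dst_port)] += 1
            # Expire flows older than the window; f itself is never expired.
            while f.ts - window[0].ts > window_s:
                old = window.popleft()
                key = (old.dst, old.dst_port)
                live[key] -= 1
                if live[key] == 0:
                    del live[key]
            peak = max(peak, len(live))
        if peak >= min_targets:
            suspects[src] = peak
    return suspects


def unexpected_dns(flows, resolvers):
    """Flows on the DNS port whose destination is not a configured resolver."""
    return [f for f in flows if f.dst_port == 53 and f.dst not in resolvers]


if __name__ == "__main__":
    for src, peak in scan_suspects(FLOWS).items():
        print(f"possible scan from {src}: {peak} distinct targets in window")
    for f in unexpected_dns(FLOWS, CONFIGURED_DNS):
        print(f"port-53 traffic from {f.src} to non-resolver {f.dst} ({f.proto})")
```

The DNS check deliberately keys on the port rather than on parsed DNS payloads: traffic to port 53 on a host that is not a configured resolver is suspicious whether or not it is well-formed DNS, which is why the sandbox reports the destination rather than the query.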
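
A checker for the "Patched UPX-packed file" signature above, as an added example that is not Triage's signature code. It parses the PE section table by hand and looks for two things: the section layout UPX leaves behind (a first section with zero raw size, followed by an RWX section carrying the compressed image and stub) and the `UPX!` magic that `upx -d` needs to find. The layout heuristic is an assumption about what such a signature checks, not a description of the sandbox's rule, and the sample PEs built inline are header-only test inputs that Windows would not load.

```python
"""Spot UPX-packed PE files whose UPX pack header has been tampered with.

Added example, not Triage's signature code. Only the PE section table is
parsed (no pefile dependency). A file that shows UPX's section layout but
no b"UPX!" magic is reported as patched: the stub still self-unpacks at
runtime, but the stock `upx -d` will not recognise the file.
"""
import struct

UPX_MAGIC = b"UPX!"
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(data):
    """Return [(name, virtual_size, raw_size, characteristics), ...] from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsec, = struct.unpack_from("<H", data, coff + 2)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, rsize, _rptr = struct.unpack_from("<IIII", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append((name, vsize, rsize, chars))
    return sections


def classify_upx(data):
    """Return ('not_upx' | 'upx' | 'upx_patched', [indicators that fired])."""
    secs = parse_sections(data)
    indicators = []
    if any(s[0].startswith("UPX") for s in secs):
        indicators.append("upx_section_names")
    # UPX0 is a placeholder for the unpacked image (no bytes on disk, large
    # virtual size); UPX1 is RWX and holds the compressed data plus the stub.
    if (len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0
            and secs[1][3] & IMAGE_SCN_MEM_EXECUTE and secs[1][3] & IMAGE_SCN_MEM_WRITE):
        indicators.append("upx_section_layout")
    has_magic = UPX_MAGIC in data
    if has_magic:
        indicators.append("upx_magic")
    if "upx_section_names" not in indicators and "upx_section_layout" not in indicators:
        return "not_upx", indicators
    return ("upx" if has_magic else "upx_patched"), indicators


def build_pe(sections, payload=b""):
    """Constructed, header-only PE for testing the parser: DOS stub, PE signature,
    COFF header with an empty optional header, section table, then payload."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b""
    for name, vsize, rsize, chars in sections:
        table += name.ljust(8, b"\0")[:8]
        table += struct.pack("<IIIIIIHHI", vsize, 0x1000, rsize, 0, 0, 0, 0, 0, chars)
    return dos + b"PE\0\0" + coff + table + payload


UPX0_CHARS = 0xE0000080  # uninitialised data, RWX: UPX's empty placeholder section
UPX1_CHARS = 0xE0000040  # initialised data, RWX: compressed image + decompressor stub

# Stock UPX output: UPX0/UPX1 names and the "UPX!" pack header present
# (bytes after the magic are arbitrary filler, not a real pack header).
STOCK = build_pe(
    [(b"UPX0", 0x20000, 0, UPX0_CHARS), (b"UPX1", 0x8000, 0x7000, UPX1_CHARS),
     (b".rsrc", 0x1000, 0x800, 0x40000040)],
    payload=b"\x90" * 16 + UPX_MAGIC + b"\0" * 28,
)
# Same layout with the pack header zeroed out: what this report flags.
PATCHED = STOCK.replace(UPX_MAGIC, b"\0\0\0\0")
# Sections renamed as well: still recognisable from the layout alone.
RENAMED = build_pe([(b".text", 0x20000, 0, UPX0_CHARS), (b".data", 0x8000, 0x7000, UPX1_CHARS)],
                   payload=b"\x90" * 32)
# Ordinary linker output for contrast.
PLAIN = build_pe([(b".text", 0x1000, 0x1000, 0x60000020), (b".data", 0x200, 0x200, 0xC0000040)])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, *classify_upx(fh.read()))
```

Run it as `python upx_check.py sample.exe` to classify real files. The section-layout check matters more than the names: renaming UPX0/UPX1 is the cheapest patch and is caught by the layout heuristic, while the zeroed magic is what breaks the stock unpacker.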
