eeee2b0a6ad1c7e4614fed4dfbe58b63776f6a3a6758267b5a976b4dc4315f48 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

wireguard-...er.exe

windows10-1703-x64

9

Sharing

General

Target

wireguard-installer.exe
Size

85KB
Sample

230917-ygxwxsfa85
MD5

1cf9257c07936d7fbf508dc113e9b6d5
SHA1

324f8a1f0779fe42baabc544bc7f6814a3d150ca
SHA256

eeee2b0a6ad1c7e4614fed4dfbe58b63776f6a3a6758267b5a976b4dc4315f48
SHA512

081fa75e73138fb403aa01cb09f3051b7ee6954ab0a15366016cabe873d7a64f8374c85d9bcdf068fa019930419c818d102063983a5547ae5107773fe25e5c12
SSDEEP

1536:+UD86+VKgtoNMJiYkiW2yF4q/4i98+ayxpF0Kxn+7ygK/fM:RwlJnsiJyrQi98+ay+KqK/k

Score

9^/10

discovery evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

wireguard-installer.exe

Resource

win10-20230915-es

discovery evasion trojan

windows10-1703-x64

35 signatures

1800 seconds

Malware Config

Targets

- Target
  
  wireguard-installer.exe
- Size
  
  85KB
- MD5
  
  1cf9257c07936d7fbf508dc113e9b6d5
- SHA1
  
  324f8a1f0779fe42baabc544bc7f6814a3d150ca
- SHA256
  
  eeee2b0a6ad1c7e4614fed4dfbe58b63776f6a3a6758267b5a976b4dc4315f48
- SHA512
  
  081fa75e73138fb403aa01cb09f3051b7ee6954ab0a15366016cabe873d7a64f8374c85d9bcdf068fa019930419c818d102063983a5547ae5107773fe25e5c12
- SSDEEP
  
  1536:+UD86+VKgtoNMJiYkiW2yF4q/4i98+ayxpF0Kxn+7ygK/fM:RwlJnsiJyrQi98+ay+KqK/k
Score

9^/10

discovery evasion trojan
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Blocklisted process makes network request
- Drops file in Drivers directory
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Network Service Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

© 2018-2025

Terms | Privacy