General
- Target: wireguard-installer.exe
- Size: 85KB
- Sample: 230917-ygxwxsfa85
- MD5: 1cf9257c07936d7fbf508dc113e9b6d5
- SHA1: 324f8a1f0779fe42baabc544bc7f6814a3d150ca
- SHA256: eeee2b0a6ad1c7e4614fed4dfbe58b63776f6a3a6758267b5a976b4dc4315f48
- SHA512: 081fa75e73138fb403aa01cb09f3051b7ee6954ab0a15366016cabe873d7a64f8374c85d9bcdf068fa019930419c818d102063983a5547ae5107773fe25e5c12
- SSDEEP: 1536:+UD86+VKgtoNMJiYkiW2yF4q/4i98+ayxpF0Kxn+7ygK/fM:RwlJnsiJyrQi98+ay+KqK/k
Static task
static1
Malware Config
Targets
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Blocklisted process makes network request
- Drops file in Drivers directory
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory