General
Target: reWASD720-9014.exe
Size: 28.6MB
Sample: 240507-v1zyvagc3x
MD5: e0a1e477533863ba0fd9a52c9c019c3f
SHA1: 3a0f67d0dda47493fad9923d355cfe9609d25f01
SHA256: a96d53be05f9e323bfcb590c05844e16c2bc4965ecfa82e7d6c4b61009afa963
SHA512: 8c959c5255dbb8d59288b869c5f151740744fd10b5ea513178aae6d5f2dad009e63a7e518c8cee53ef7fafe79efdb9dbec3c678ef0ba6c55eaf1e27f0267d981
SSDEEP: 786432:cb5tGlzdlWhFVqxZCf39KtOq1zU3Olf36LvHb+UtpFhA:c1YjWhixZCsOq1zaOxCvHbhZA
Static task: static1
Behavioral task: behavioral1
Sample: reWASD720-9014.exe
Resource: win11-20240426-en
Malware Config
Targets
Score: 8/10
- Drops file in Drivers directory
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Windows Firewall
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (1)