Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    KernelRewrite.exe

  • Size

    8.2MB

  • Sample

    241007-2gx4gazgmb

  • MD5

    49a6866a7352dd99c43f3081dc2c5fb4

  • SHA1

    f4e4a5a72ba033420b27f2f75f1927b187d49904

  • SHA256

    f6ee8a5af807ca07d07dd8d5d4fc63c0359c21145d4b27db4cae09d48ee9e909

  • SHA512

    a1805c9c8af9ff49e78e76ff71ecfac8b800140fdb8869fd1313b0ae8aff3730910214fe71bc4ec88be0b0dcb0fabdee376cf603ae836bfa4f80fa3eb70a58ab

  • SSDEEP

    196608:K8WBQurErvI9pWjg/Qc+4o673pNrabebSEdyzWGPMYnN9sC:IQurEUWjZZ4dDLIeW7zWGPTNCC

Malware Config

Targets

    • Target

      KernelRewrite.exe

    • Size

      8.2MB

    • MD5

      49a6866a7352dd99c43f3081dc2c5fb4

    • SHA1

      f4e4a5a72ba033420b27f2f75f1927b187d49904

    • SHA256

      f6ee8a5af807ca07d07dd8d5d4fc63c0359c21145d4b27db4cae09d48ee9e909

    • SHA512

      a1805c9c8af9ff49e78e76ff71ecfac8b800140fdb8869fd1313b0ae8aff3730910214fe71bc4ec88be0b0dcb0fabdee376cf603ae836bfa4f80fa3eb70a58ab

    • SSDEEP

      196608:K8WBQurErvI9pWjg/Qc+4o673pNrabebSEdyzWGPMYnN9sC:IQurEUWjZZ4dDLIeW7zWGPTNCC

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks