General
Target: KernelRewrite.exe
Size: 8.2MB
Sample: 241007-2gx4gazgmb
MD5: 49a6866a7352dd99c43f3081dc2c5fb4
SHA1: f4e4a5a72ba033420b27f2f75f1927b187d49904
SHA256: f6ee8a5af807ca07d07dd8d5d4fc63c0359c21145d4b27db4cae09d48ee9e909
SHA512: a1805c9c8af9ff49e78e76ff71ecfac8b800140fdb8869fd1313b0ae8aff3730910214fe71bc4ec88be0b0dcb0fabdee376cf603ae836bfa4f80fa3eb70a58ab
SSDEEP: 196608:K8WBQurErvI9pWjg/Qc+4o673pNrabebSEdyzWGPMYnN9sC:IQurEUWjZZ4dDLIeW7zWGPTNCC
Behavioral task: behavioral1
Sample: KernelRewrite.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: KernelRewrite.exe
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist