Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Trojan-Ransom.Win32.Blocker.hfjn-d905f9e538546cd60c495a8bc4345e1584328e3c5a4fedca2735aad6f0eacf07
-
Size
280KB
-
Sample
221106-2vyxxsegg7
-
MD5
7ce7a3098963cd46086eef5d82d39d71
-
SHA1
b2fc7d1b3a78fd5c420902d5af5e00467f0d25f5
-
SHA256
d905f9e538546cd60c495a8bc4345e1584328e3c5a4fedca2735aad6f0eacf07
-
SHA512
a804279b9b1c624d0b621649b78e0121ecac3f99fcc50dd71a6f472eea41fb2c16e064c1a698ad62b5549d953a52b4f6b44dc3be5a817dc0e402ec6559da057a
-
SSDEEP
3072:WnYOsefAsRp0QvPm35OEJ0h0kUlznGOLNLki8+fYFHyF+mhetgTifPjHed/v:k0QG3PbkUlzvpAi5EyFLheiIgv
Malware Config
Targets
-
-
Target
Trojan-Ransom.Win32.Blocker.hfjn-d905f9e538546cd60c495a8bc4345e1584328e3c5a4fedca2735aad6f0eacf07
-
Size
280KB
-
MD5
7ce7a3098963cd46086eef5d82d39d71
-
SHA1
b2fc7d1b3a78fd5c420902d5af5e00467f0d25f5
-
SHA256
d905f9e538546cd60c495a8bc4345e1584328e3c5a4fedca2735aad6f0eacf07
-
SHA512
a804279b9b1c624d0b621649b78e0121ecac3f99fcc50dd71a6f472eea41fb2c16e064c1a698ad62b5549d953a52b4f6b44dc3be5a817dc0e402ec6559da057a
-
SSDEEP
3072:WnYOsefAsRp0QvPm35OEJ0h0kUlznGOLNLki8+fYFHyF+mhetgTifPjHed/v:k0QG3PbkUlzvpAi5EyFLheiIgv
Score10/10-
Modifies firewall policy service
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-