General

  • Target

    Trojan-Ransom.Win32.Blocker.hfjn-d905f9e538546cd60c495a8bc4345e1584328e3c5a4fedca2735aad6f0eacf07

  • Size

    280KB

  • Sample

    221106-2vyxxsegg7

  • MD5

    7ce7a3098963cd46086eef5d82d39d71

  • SHA1

    b2fc7d1b3a78fd5c420902d5af5e00467f0d25f5

  • SHA256

    d905f9e538546cd60c495a8bc4345e1584328e3c5a4fedca2735aad6f0eacf07

  • SHA512

    a804279b9b1c624d0b621649b78e0121ecac3f99fcc50dd71a6f472eea41fb2c16e064c1a698ad62b5549d953a52b4f6b44dc3be5a817dc0e402ec6559da057a

  • SSDEEP

    3072:WnYOsefAsRp0QvPm35OEJ0h0kUlznGOLNLki8+fYFHyF+mhetgTifPjHed/v:k0QG3PbkUlzvpAi5EyFLheiIgv

Malware Config

Targets

    • Modifies firewall policy service

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Modifies WinLogon

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks