General
Target: Trojan-Ransom.Win32.Blocker.ebek-f84850c07f50d03b693d8dce2285e3e264a1bd0a49861b600afcdf423b7718b1
Size: 294KB
Sample: 221106-xq7xtagdb7
MD5: 47d8062a27afe7a6a44746fc43f49508
SHA1: 3cc8a31fd16992172673aa5270b82f421c9318aa
SHA256: f84850c07f50d03b693d8dce2285e3e264a1bd0a49861b600afcdf423b7718b1
SHA512: b28392919b387c3a3560143d8279353dbee87430995da279a4dd96893ea6afb0ea8fb414d7fe27e3563cae01eb7a26f7555cda93a58e1892f2b6a5e2bfca1f86
SSDEEP: 6144:PjEULBbORScrnlJbE12nseJkXyIhh/rfAdSCph9O0hv9qH3:PgXZrnbHshXyOTf6z3brC
Static task: static1
Behavioral task: behavioral1
Sample: osn.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: osn.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: osn.exe
Size: 426KB
MD5: 7990a08facbe1c8c5a673aee28de308a
SHA1: 940bf5f40d0dd3b47b732d66d9bfae33e01d5d0f
SHA256: 5aabccffcd5fe39c601e91a3c84f24854ce3aacc07321c1a09054942ab7aaa41
SHA512: 8598137aa03f6c5ef48b5d370e9ba0d51386660c9de00c9ec051710adae204e150b259a31adde2f1d64dc1bf94707d515629992dc62020a5db8fd1721450336d
SSDEEP: 6144:yZDNxWGx7Dsgz5Z7aZgYvhzmi7UDXTKFtwIjH1VdRQ/vqkg1gEagdQH:zG7DZJaZgIhzmmUTKFTj1V7uikFg
Score: 8/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application
Drops desktop.ini file(s)
Suspicious use of SetThreadContext