Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

Trojan-Ran...er.exe

windows7-x64

10

Trojan-Ran...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Trojan-Ransom.Win32.Blocker.ivbx-b6e528d6ee93b9ddf32c5b9cb460f9e45b2a1870524579a128f9409541cf35b4

  • Size

    715KB

  • Sample

    221107-elj13sabdq

  • MD5

    9922bb2013d45d0131cc27ab65dde265

  • SHA1

    c8a0a3179794a2d444e4417a747029ad2acd9aba

  • SHA256

    b6e528d6ee93b9ddf32c5b9cb460f9e45b2a1870524579a128f9409541cf35b4

  • SHA512

    d3c1707deb82d11806c3dc9cb81673bbeace140407a67f532136d6059dab7965a01a67a2d2165a8d52a3385c8afbe206eea402bca1c63bac2fe14a78e55240e8

  • SSDEEP

    1536:+EfFNvtgmAl7z5dKY6yuJPW8K43w9NXOM1aRl/i6JWT0S9yXnBibnouy8gHn2JX:+YLmGO4W849NXO9RlK6gOxiDouto2N

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      Trojan-Ransom.Win32.Blocker.ivbx-b6e528d6ee93b9ddf32c5b9cb460f9e45b2a1870524579a128f9409541cf35b4

    • Size

      715KB

    • MD5

      9922bb2013d45d0131cc27ab65dde265

    • SHA1

      c8a0a3179794a2d444e4417a747029ad2acd9aba

    • SHA256

      b6e528d6ee93b9ddf32c5b9cb460f9e45b2a1870524579a128f9409541cf35b4

    • SHA512

      d3c1707deb82d11806c3dc9cb81673bbeace140407a67f532136d6059dab7965a01a67a2d2165a8d52a3385c8afbe206eea402bca1c63bac2fe14a78e55240e8

    • SSDEEP

      1536:+EfFNvtgmAl7z5dKY6yuJPW8K43w9NXOM1aRl/i6JWT0S9yXnBibnouy8gHn2JX:+YLmGO4W849NXO9RlK6gOxiDouto2N

    Score
    10/10
    evasionpersistencespywarestealertrojanupx

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks