General

  • Target

    Trojan-Ransom.Win32.Blocker.ivbx-b6e528d6ee93b9ddf32c5b9cb460f9e45b2a1870524579a128f9409541cf35b4

  • Size

    715KB

  • Sample

    221107-elj13sabdq

  • MD5

    9922bb2013d45d0131cc27ab65dde265

  • SHA1

    c8a0a3179794a2d444e4417a747029ad2acd9aba

  • SHA256

    b6e528d6ee93b9ddf32c5b9cb460f9e45b2a1870524579a128f9409541cf35b4

  • SHA512

    d3c1707deb82d11806c3dc9cb81673bbeace140407a67f532136d6059dab7965a01a67a2d2165a8d52a3385c8afbe206eea402bca1c63bac2fe14a78e55240e8

  • SSDEEP

    1536:+EfFNvtgmAl7z5dKY6yuJPW8K43w9NXOM1aRl/i6JWT0S9yXnBibnouy8gHn2JX:+YLmGO4W849NXO9RlK6gOxiDouto2N

Malware Config

Targets

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks