General

  • Target

    Trojan-Ransom.Win32.Blocker.jaod-c0e391cc147b45c007a23d34db1f5d92804f4a7c6e25a197c17c22e0baa4290c

  • Size

    163KB

  • Sample

    221107-gpvyvsbdg6

  • MD5

    4bdfc297faf9f3d94476f8fe02b68de6

  • SHA1

    e23a6b2de6c5a897d2ed2d2ada9931086231b255

  • SHA256

    c0e391cc147b45c007a23d34db1f5d92804f4a7c6e25a197c17c22e0baa4290c

  • SHA512

    570712ef635f316d90f13a60bc2cac618a2b361fab389457d49472ace3dfc0257360a066e648cf8b635934b5c652ea4f944be9b7168a9f632d84b2138285a722

  • SSDEEP

    3072:UC4O5okyivqKR1TI3UN/vkhwYMBD0+DfYqA4SFwP79qVla5AEOjd07QlS:UhvJKR1UFuBFLYqhSFc901dBlS

Score
8/10

Malware Config

Targets

    • Target

      Trojan-Ransom.Win32.Blocker.jaod-c0e391cc147b45c007a23d34db1f5d92804f4a7c6e25a197c17c22e0baa4290c

    • Size

      163KB

    • MD5

      4bdfc297faf9f3d94476f8fe02b68de6

    • SHA1

      e23a6b2de6c5a897d2ed2d2ada9931086231b255

    • SHA256

      c0e391cc147b45c007a23d34db1f5d92804f4a7c6e25a197c17c22e0baa4290c

    • SHA512

      570712ef635f316d90f13a60bc2cac618a2b361fab389457d49472ace3dfc0257360a066e648cf8b635934b5c652ea4f944be9b7168a9f632d84b2138285a722

    • SSDEEP

      3072:UC4O5okyivqKR1TI3UN/vkhwYMBD0+DfYqA4SFwP79qVla5AEOjd07QlS:UhvJKR1UFuBFLYqhSFc901dBlS

    Score
    8/10

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks