General
- Target: Trojan-Ransom.Win32.Blocker.jxbh-9bb5c1ba34c80331b301d99d55045452856f6ae8cab48707fe1eef7ea3bedcce
- Size: 500KB
- Sample: 221107-h6368sdgg7
- MD5: 066d72cf2de962249f8561b63c84f1cc
- SHA1: d6c60b94a4d03f0b1a9f860807c26146f7ceb35d
- SHA256: 9bb5c1ba34c80331b301d99d55045452856f6ae8cab48707fe1eef7ea3bedcce
- SHA512: 53cf86f17d049ad1d0c8bd390889951194ef6f9fdcd58f9ca3b52b5a9f78c464d00a0eef9aeff34b87f5a98bf3ea89210e595bcc4343a4c41f30944808f27d59
- SSDEEP: 12288:fwgHsqmAdjxORA4GTe2Pr9hroyCMJOcddfm+YWnz:fEqmwjfz79iSJOUY0z
Static task: static1
Behavioral task: behavioral1
- Sample: Trojan-Ransom.Win32.Blocker.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Trojan-Ransom.Win32.Blocker.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: Trojan-Ransom.Win32.Blocker.jxbh-9bb5c1ba34c80331b301d99d55045452856f6ae8cab48707fe1eef7ea3bedcce
Score: 10/10
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory