General

  • Target

    Trojan-Ransom.Win32.Blocker.jxbh-9bb5c1ba34c80331b301d99d55045452856f6ae8cab48707fe1eef7ea3bedcce

  • Size

    500KB

  • Sample

    221107-h6368sdgg7

  • MD5

    066d72cf2de962249f8561b63c84f1cc

  • SHA1

    d6c60b94a4d03f0b1a9f860807c26146f7ceb35d

  • SHA256

    9bb5c1ba34c80331b301d99d55045452856f6ae8cab48707fe1eef7ea3bedcce

  • SHA512

    53cf86f17d049ad1d0c8bd390889951194ef6f9fdcd58f9ca3b52b5a9f78c464d00a0eef9aeff34b87f5a98bf3ea89210e595bcc4343a4c41f30944808f27d59

  • SSDEEP

    12288:fwgHsqmAdjxORA4GTe2Pr9hroyCMJOcddfm+YWnz:fEqmwjfz79iSJOUY0z

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Adds policy Run key to start application

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks