aac15814aec66587435c8e2abc6431ba09300e94de72ae94a8b60f6efad0876b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2024-03-09...ck.exe

windows7-x64

2024-03-09...ck.exe

windows10-2004-x64

Sharing

General

Target

2024-03-09_c54566c34316dbefd0d344311b24a766_ransomlock
Size

1.3MB
Sample

240309-fjlmkach56
MD5

c54566c34316dbefd0d344311b24a766
SHA1

2bf940e1a7773ba76a55a32be936fa513eeb9b34
SHA256

aac15814aec66587435c8e2abc6431ba09300e94de72ae94a8b60f6efad0876b
SHA512

76939f6cf240d31022961d338995567584c067447356dd01f77689e253c5c1e0514038b8bba6b8ef91a4f79357bccb96632e3e5e5b03adb21ee8c6ea60d01e20
SSDEEP

24576:DwxPanDWDAxfy+t4g6cBLi2iYQOlbBTAIUC:8xPpWTjPJplVTjUC

Score

10^/10

evasion persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-03-09_c54566c34316dbefd0d344311b24a766_ransomlock.exe

Resource

win7-20240221-en

evasion persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-03-09_c54566c34316dbefd0d344311b24a766_ransomlock.exe

Resource

win10v2004-20240226-en

evasion persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-03-09_c54566c34316dbefd0d344311b24a766_ransomlock
- Size
  
  1.3MB
- MD5
  
  c54566c34316dbefd0d344311b24a766
- SHA1
  
  2bf940e1a7773ba76a55a32be936fa513eeb9b34
- SHA256
  
  aac15814aec66587435c8e2abc6431ba09300e94de72ae94a8b60f6efad0876b
- SHA512
  
  76939f6cf240d31022961d338995567584c067447356dd01f77689e253c5c1e0514038b8bba6b8ef91a4f79357bccb96632e3e5e5b03adb21ee8c6ea60d01e20
- SSDEEP
  
  24576:DwxPanDWDAxfy+t4g6cBLi2iYQOlbBTAIUC:8xPpWTjPJplVTjUC
Score

10^/10

evasion persistence trojan
- UAC bypass
  evasion trojan
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy