General
- Target: 2024-09-04_8f032f34569c3c9e99562a22dfd78a57_hijackloader_ryuk
- Size: 70.2MB
- Sample: 240904-d63s9athrq
- MD5: 8f032f34569c3c9e99562a22dfd78a57
- SHA1: 2e014a220d6767924c6f9e669ae8deb8bd42383e
- SHA256: 78604a5813861a7dd652b6d2f151bcf8215f0c700b4a1a8f28986fee220b1a59
- SHA512: 34a2e6c8f0131f305b0a8eaa385e780fe1da5e21c6977324ecb3249e53460d9c3a5caea9675a3c0120c5982e980c9029706b1c1999cff616cf5febc3df82722d
- SSDEEP: 1572864:HklDCjxMgp23PnpSRxxhaz/+df11/GgzBGQIj5Oi:Eh+9unkRxDw/Mf/pBGRj5
Static task: static1

Behavioral task: behavioral1
- Sample: 2024-09-04_8f032f34569c3c9e99562a22dfd78a57_hijackloader_ryuk.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 2024-09-04_8f032f34569c3c9e99562a22dfd78a57_hijackloader_ryuk.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Impair Defenses (1): Disable or Modify Tools (1)
- Modify Registry (1)