Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JKT48.exe
-
Size
8.0MB
-
Sample
250327-qvr9laswew
-
MD5
41f5bac802f5e79dc2ca7a3db25d0001
-
SHA1
ce56c42cadd2db13edf03c15ce3b11c2cfa00f9e
-
SHA256
9b495506295d895825ddf2a45c28f704debc31f28c4943b1a78b75c898a4375d
-
SHA512
94705e83ce1b104954be07210ea3648c7403a6dd86ebaf6e884ced1552636b6a05a3b2926415d6c49ff251a675815435e4b2a3c8f816bbbf68c08c3299db99ab
-
SSDEEP
196608:PF35AX/ip4e/aS3e+gr80KILDjhoOX9oeqZ8r8swzH0e:d3KX/o4eSTr80xHhJ8s63
Static task
static1
Behavioral task
behavioral1
Sample
JKT48.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JKT48.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
JKT48.exe
-
Size
8.0MB
-
MD5
41f5bac802f5e79dc2ca7a3db25d0001
-
SHA1
ce56c42cadd2db13edf03c15ce3b11c2cfa00f9e
-
SHA256
9b495506295d895825ddf2a45c28f704debc31f28c4943b1a78b75c898a4375d
-
SHA512
94705e83ce1b104954be07210ea3648c7403a6dd86ebaf6e884ced1552636b6a05a3b2926415d6c49ff251a675815435e4b2a3c8f816bbbf68c08c3299db99ab
-
SSDEEP
196608:PF35AX/ip4e/aS3e+gr80KILDjhoOX9oeqZ8r8swzH0e:d3KX/o4eSTr80xHhJ8s63
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Event Triggered Execution: Image File Execution Options Injection
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify Tools
2Indicator Removal
2File Deletion
2Modify Registry
3Pre-OS Boot
1Bootkit
1