General
Target: 20230429ffc9b11fc8dea0432f634a37f4b05e42virlock.bin
Size: 2.1MB
Sample: 230506-zqf57sff9v
MD5: ffc9b11fc8dea0432f634a37f4b05e42
SHA1: e0fc237a8f07c11cf167082bd1eb3ffe9c4f8bef
SHA256: ec2c57559451ce2035b87787377deff11adf05766a20befa77e1bc652651c624
SHA512: 911e18d00b9a9ee80f3630a4050721a549c106af29c54b3174c1d38aa66c7cf7ca0c13a697d92dfb3cf8e8a6b0c0a9422950ed653307e3e38bd5411c6f8e8085
SSDEEP: 49152:eWWdEEJt1NkLksmKj8BdfHEJOjrICfbSa8DAn:oJt7
Static task: static1
Behavioral task: behavioral1
  Sample: 20230429ffc9b11fc8dea0432f634a37f4b05e42virlock.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 20230429ffc9b11fc8dea0432f634a37f4b05e42virlock.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 20230429ffc9b11fc8dea0432f634a37f4b05e42virlock.bin
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory