Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
87891d481c00168e89c88d62a49d1354_virlock_JC.exe
-
Size
525KB
-
Sample
230806-pcmqqabe7w
-
MD5
87891d481c00168e89c88d62a49d1354
-
SHA1
de0b063692276ad650810d1027ad9b5264557277
-
SHA256
2e45a8aedd0ad2aea8e1049254ab80409b38abf7231c97583ae3788cbff9b58f
-
SHA512
b80b920ab6f50d346a837ed6178dff1c7b8714741ef971612d649fbed4e0513b92cf7a9f352ddeae0e17d39318ef483e560c372a219221c44f34fd3bd75d09ff
-
SSDEEP
12288:sSjI0HEq4ZeEi4Y+mUz1Wt5ndXo0sPNzHBbayYqgY:LPyeEVWt5ndXopNTtVYO
Static task
static1
Behavioral task
behavioral1
Sample
87891d481c00168e89c88d62a49d1354_virlock_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
87891d481c00168e89c88d62a49d1354_virlock_JC.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
87891d481c00168e89c88d62a49d1354_virlock_JC.exe
-
Size
525KB
-
MD5
87891d481c00168e89c88d62a49d1354
-
SHA1
de0b063692276ad650810d1027ad9b5264557277
-
SHA256
2e45a8aedd0ad2aea8e1049254ab80409b38abf7231c97583ae3788cbff9b58f
-
SHA512
b80b920ab6f50d346a837ed6178dff1c7b8714741ef971612d649fbed4e0513b92cf7a9f352ddeae0e17d39318ef483e560c372a219221c44f34fd3bd75d09ff
-
SSDEEP
12288:sSjI0HEq4ZeEi4Y+mUz1Wt5ndXo0sPNzHBbayYqgY:LPyeEVWt5ndXopNTtVYO
Score10/10-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1