General

  • Target

    2024-01-25_599186367122c5efcf79fac473b30f4f_cryptolocker

  • Size

    70KB

  • Sample

    240125-rymzqahde3

  • MD5

    599186367122c5efcf79fac473b30f4f

  • SHA1

    fe1e1079ff4ecf63617d57c927ef96dcd9971326

  • SHA256

    71e5377e6b5a8d673f6da3b73f9241c24c24fe508a6aab81e96a845027507194

  • SHA512

    3b2591834d848c42b569ad5f25c51785739a603c287fb19bd180d8fa7e056ad3dcdcc45104f45d8469b4b752750af9ca1ac0c44cdbac5931ed6fceda8460812f

  • SSDEEP

    1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalp:1nK6a+qdOOtEvwDpjI

Score
10/10

Tags
upx

Targets

    • Target

      2024-01-25_599186367122c5efcf79fac473b30f4f_cryptolocker

    • Size

      70KB


    Score
    9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (behaviour conditioned on the victim's configured locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
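
The packer signatures above ("UPX packed file", "UPX dump on OEP") and the hash block are the parts of a report an analyst typically re-checks locally before acting on the score. The following is an added example, not Triage's own signature code: a stdlib-only Python check that parses the PE section table for the default UPX section names, searches for the "UPX!" marker, and compares a file's digests against the hashes this report lists. The build_sample_pe helper constructs a non-executable PE skeleton purely so the block runs offline; the section names it uses are assumptions for the demonstration, not taken from the sample.

```python
import hashlib
import struct

# Section names UPX writes by default; modified UPX builds often rename them,
# which is why the Triage signature says "UPX/modified UPX".
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
UPX_MAGIC = b"UPX!"  # marker in the UPX header; also frequently stripped

# Digests listed in the Triage report above.
REPORT_HASHES = {
    "md5": "599186367122c5efcf79fac473b30f4f",
    "sha1": "fe1e1079ff4ecf63617d57c927ef96dcd9971326",
    "sha256": "71e5377e6b5a8d673f6da3b73f9241c24c24fe508a6aab81e96a845027507194",
    "sha512": "3b2591834d848c42b569ad5f25c51785739a603c287fb19bd180d8fa7e056ad3"
              "dcdcc45104f45d8469b4b752750af9ca1ac0c44cdbac5931ed6fceda8460812f",
}


def pe_section_names(data: bytes) -> list[bytes]:
    """Return the section names of a PE image, or [] if the bytes are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header after the signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes; Name is its first 8
        if off + 40 > len(data):
            break  # truncated file: report what is actually present
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Cheap static UPX indicator: default section names or the UPX! marker."""
    names = set(pe_section_names(data))
    return bool(names & UPX_SECTION_NAMES) or UPX_MAGIC in data


def file_hashes(data: bytes) -> dict[str, str]:
    """The four digests Triage reports for a sample."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, report: dict[str, str] = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    computed = file_hashes(data)
    return all(computed[alg] == digest for alg, digest in report.items())


def build_sample_pe(section_names: list[bytes]) -> bytes:
    """Constructed, non-executable PE32 skeleton used only to exercise the parser."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional_header = b"\0" * 0xE0  # PE32 optional header size; contents unused
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                              len(optional_header), 0x102)
    section_table = b"".join(name.ljust(8, b"\0") + b"\0" * 32
                             for name in section_names)
    return dos_header + b"PE\0\0" + coff_header + optional_header + section_table


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    # With no path argument, run against the constructed skeleton instead of a real file.
    data = open(path, "rb").read() if path else build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(data))
    print("upx indicator:", looks_upx_packed(data))
    print("hashes match report:", matches_report(data))
```

Run it as `python check_upx.py <sample.bin>` to check a local copy of the file against the report's digests before comparing behaviour. A negative from looks_upx_packed is weak evidence: both the section names and the "UPX!" marker are routinely changed by modified UPX builds, so the confirming step is still the dump at the original entry point that the "UPX dump on OEP" signature refers to (or `upx -d` on an unmodified build).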
