General

  • Target

    2024-01-29_849dc24f4d859842fa30535c45b75606_cryptolocker

  • Size

    39KB

  • Sample

    240129-bfhpaagagj

  • MD5

    849dc24f4d859842fa30535c45b75606

  • SHA1

    3aba0351bebd68a993223c40922e5f512748d757

  • SHA256

    5a1eee164792e082b30ad7f323a106be3627acc432840201c61adb6e18613777

  • SHA512

    5ed939ac9c8f211359186201ff6420fec23b11a41d07ee9cac77367e4aee31eb42c4f5628307aa28dea3650ea3aff028eba20d1ac3c864beef646b88c0809877

  • SSDEEP

    768:TS5nQJ24LR7tOOtEvwDpjGqPhqlcnvhx5/xFRv:m5nkFNMOtEvwDpjG8hhXd

Score
10/10

Targets

    • Target

      2024-01-29_849dc24f4d859842fa30535c45b75606_cryptolocker

    Score
    9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • Detects executables built or packed with MPress PE compressor

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
