Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-02-14_0ffc9e071b6f61cf8a6571f8b61459b7_cryptolocker
-
Size
40KB
-
Sample
240214-pxn5aaaf2t
-
MD5
0ffc9e071b6f61cf8a6571f8b61459b7
-
SHA1
26428c6f542a93af5d3238fea33775b0f200d9b0
-
SHA256
c9be42ac696b454d042458a92c90e666ad78ef98c21f726de5aa3ea58b64a274
-
SHA512
62a82afea3af393c26e2e48702d75da2e2d61159a94d285d04847d0a020bfb2359a4c2237e38ec3eed043dbcceb5b8d3b5f101b8dd05cbdac78d500c05a5e64d
-
SSDEEP
768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlW8PAsX:b/pYayGig5HjS3NPAsX
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-14_0ffc9e071b6f61cf8a6571f8b61459b7_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-14_0ffc9e071b6f61cf8a6571f8b61459b7_cryptolocker.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
-
-
Target
2024-02-14_0ffc9e071b6f61cf8a6571f8b61459b7_cryptolocker
-
Size
40KB
-
MD5
0ffc9e071b6f61cf8a6571f8b61459b7
-
SHA1
26428c6f542a93af5d3238fea33775b0f200d9b0
-
SHA256
c9be42ac696b454d042458a92c90e666ad78ef98c21f726de5aa3ea58b64a274
-
SHA512
62a82afea3af393c26e2e48702d75da2e2d61159a94d285d04847d0a020bfb2359a4c2237e38ec3eed043dbcceb5b8d3b5f101b8dd05cbdac78d500c05a5e64d
-
SSDEEP
768:b/yC4GyNM01GuQMNXw2PSjHPbSuYlW8PAsX:b/pYayGig5HjS3NPAsX
Score9/10-
Detection of CryptoLocker Variants
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-