Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-02-17_1e37e60a1651dddf2dbf07b94867e850_cryptolocker

  • Size

    71KB

  • Sample

    240217-2fb5lsbh36

  • MD5

    1e37e60a1651dddf2dbf07b94867e850

  • SHA1

    5a1accabcd8ba58d951b4dd19413f1758ba355e9

  • SHA256

    ab13cfbeef94d29dab9f9156a867fa76fbe4eb590566a1a2bb0031fe90895105

  • SHA512

    bfdb4b16c8001c5f081200bfc727a4fd4851413d340e53a88dc645f48d24de5f3a732cce09feb27c7c5a40db433e55f38e8452c998ee2827f60341c1ade18aa8

  • SSDEEP

    1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalC:1nK6a+qdOOtEvwDpjf

Score
10/10
upx

Malware Config

Targets

    • Target

      2024-02-17_1e37e60a1651dddf2dbf07b94867e850_cryptolocker

    • Size

      71KB

    • MD5

      1e37e60a1651dddf2dbf07b94867e850

    • SHA1

      5a1accabcd8ba58d951b4dd19413f1758ba355e9

    • SHA256

      ab13cfbeef94d29dab9f9156a867fa76fbe4eb590566a1a2bb0031fe90895105

    • SHA512

      bfdb4b16c8001c5f081200bfc727a4fd4851413d340e53a88dc645f48d24de5f3a732cce09feb27c7c5a40db433e55f38e8452c998ee2827f60341c1ade18aa8

    • SSDEEP

      1536:P8mnK6QFElP6n+gymddpMOtEvwDpjIHsalC:1nK6a+qdOOtEvwDpjf

    Score
    9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks