Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-02-18_c459941e11a6989a9199924c6f3deedb_virlock
-
Size
177KB
-
Sample
240218-n2w51shf4w
-
MD5
c459941e11a6989a9199924c6f3deedb
-
SHA1
0d64d28945fe317fcf29ca22ac12a89933b8aab5
-
SHA256
363b9e26b32c5afc17f55a588d207ef5960b99cd608d08fdf9f834505a3b941f
-
SHA512
894d9a87d6637c6156b74fd513ba8cc77c9fba5f5aebd463da94be9550c83312c33da6b5414a72a853ac75666e7932dff14e485071087b4b842bbf997a2932e1
-
SSDEEP
3072:EzblT5XcXRWouUbzGyzTMvMKVZv7xdx1vclKklHvwBbL0jXFHV/UU/p0YrKt122V:WlT5XeR7mu+v7xdx1vc4kHvwBbL0jXBs
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-18_c459941e11a6989a9199924c6f3deedb_virlock.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-02-18_c459941e11a6989a9199924c6f3deedb_virlock.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
2024-02-18_c459941e11a6989a9199924c6f3deedb_virlock
-
Size
177KB
-
MD5
c459941e11a6989a9199924c6f3deedb
-
SHA1
0d64d28945fe317fcf29ca22ac12a89933b8aab5
-
SHA256
363b9e26b32c5afc17f55a588d207ef5960b99cd608d08fdf9f834505a3b941f
-
SHA512
894d9a87d6637c6156b74fd513ba8cc77c9fba5f5aebd463da94be9550c83312c33da6b5414a72a853ac75666e7932dff14e485071087b4b842bbf997a2932e1
-
SSDEEP
3072:EzblT5XcXRWouUbzGyzTMvMKVZv7xdx1vclKklHvwBbL0jXFHV/UU/p0YrKt122V:WlT5XeR7mu+v7xdx1vc4kHvwBbL0jXBs
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (79) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1