General
Target: 2024-02-18_77005e43ebb1055cbb64b22c636dfd5b_virlock
Size: 255KB
Sample: 240218-nz2mqaab34
MD5: 77005e43ebb1055cbb64b22c636dfd5b
SHA1: 444870edf859f2aab0ec85a566981783688f6f32
SHA256: f80417872955417f0eac97931092a1f6545e5d223e010e3bbd399c5d8fd4be14
SHA512: 7687b3bd96c80a0cf10ddf2001ef3ec55f7a18571ae04fbd9156316b12920cdeb0e768ad4ed8a41646442f5ad4c62c313fce0c5e5b8e47438e1f7fed6e7f4652
SSDEEP: 3072:Tv7gfM6gll7C4mj86x+COWsfeIFw06kEa4GCHawhEDjSji:vgfM627SvkjWUeM0H7EDjB
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-18_77005e43ebb1055cbb64b22c636dfd5b_virlock.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-18_77005e43ebb1055cbb64b22c636dfd5b_virlock.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 2024-02-18_77005e43ebb1055cbb64b22c636dfd5b_virlock
Score: 10/10
Signatures:
- Modifies visibility of file extensions in Explorer
- Renames multiple (78) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
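As an added example (not tria.ge's own signature engine), the Python script below re-derives the behavioural signatures listed above from a process trace. The trace is constructed to resemble a process-monitor style log and is not the report's real execution log; its line format, the operation names, the paths (dropped.exe, dropped.dll, the ".locked" extension) and the 10-file rename threshold are assumptions of this example. The ATT&CK mapping covers only the technique the report itself lists for the Run key signature (Registry Run Keys / Startup Folder, T1547.001 in Enterprise v15); the other signatures are left unmapped.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed trace (NOT the report's real execution log). Placeholder paths.
# Line format assumed by this example:
#   <pid> <operation> <path>[ -> <new path> | = <registry data>]
RENAMES = "\n".join(
    f"1200 RenameFile C:\\Users\\Admin\\Documents\\doc{i}.docx"
    f" -> C:\\Users\\Admin\\Documents\\doc{i}.docx.locked"
    for i in range(12)
)
TRACE = (
    "1200 RegQueryValue HKCU\\Control Panel\\International\\Geo\\Nation\n"
    "1200 RegSetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
    "\\Explorer\\Advanced\\HideFileExt = 1\n"
    "1200 CreateFile C:\\Windows\\System32\\dropped.exe\n"
    "1200 CreateFile C:\\Users\\Admin\\AppData\\Local\\Temp\\dropped.dll\n"
    "1200 RegSetValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
    "\\Run\\dropped = C:\\Windows\\System32\\dropped.exe\n"
    "1200 ProcessCreate C:\\Windows\\System32\\dropped.exe\n"
    "1304 LoadImage C:\\Users\\Admin\\AppData\\Local\\Temp\\dropped.dll\n"
    + RENAMES + "\n"
)

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<arg>.+)$")


@dataclass
class Event:
    pid: int
    op: str
    path: str
    value: Optional[str] = None  # registry data, or rename destination


def parse_trace(text: str) -> List[Event]:
    """Parse the assumed '<pid> <op> <path>[ -> dst | = data]' line format."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        path, value = m["arg"], None
        for sep in (" -> ", " = "):
            if sep in path:
                path, value = path.split(sep, 1)
                break
        events.append(Event(int(m["pid"]), m["op"], path, value))
    return events


def evaluate(events: List[Event], rename_threshold: int = 10) -> List[str]:
    """Return triggered signatures, worded as in the report, sorted."""
    hits = set()
    dropped = set()  # paths the sample wrote, for 'dropped' checks
    renamed = 0
    for ev in events:
        p = ev.path.lower()
        dst = (ev.value or "").lower()
        if ev.op == "RegQueryValue" and "\\international\\geo\\" in p:
            hits.add("Checks computer location settings")
        elif (ev.op == "RegSetValue"
              and p.endswith("\\explorer\\advanced\\hidefileext")
              and ev.value == "1"):
            hits.add("Modifies visibility of file extensions in Explorer")
        elif ev.op == "RegSetValue" and "\\currentversion\\run\\" in p:
            hits.add("Adds Run key to start application")
        elif ev.op == "CreateFile":
            dropped.add(p)
            if p.startswith("c:\\windows\\system32\\"):
                hits.add("Drops file in System32 directory")
        elif ev.op == "ProcessCreate" and p in dropped:
            hits.add("Executes dropped EXE")
        elif ev.op == "LoadImage" and p in dropped and p.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif ev.op == "RenameFile" and dst.startswith(p + "."):
            # destination is the original name plus one more extension
            renamed += 1
    if renamed >= rename_threshold:
        hits.add(f"Renames multiple ({renamed}) files with added filename extension")
    return sorted(hits)


# Only the mapping the report itself lists; other signatures stay unmapped.
ATTACK_V15 = {
    "Adds Run key to start application": "T1547.001",  # Registry Run Keys / Startup Folder
}


def attack_techniques(hits: List[str]) -> List[str]:
    return sorted({ATTACK_V15[h] for h in hits if h in ATTACK_V15})


if __name__ == "__main__":
    sigs = evaluate(parse_trace(TRACE))
    for s in sigs:
        print(s)
    print("ATT&CK:", attack_techniques(sigs))
```

The rename rule is the one worth tuning: it only counts renames whose destination is the source name with an extra extension appended, which is what "added filename extension" means in the report, and it fires only past a threshold so a single legitimate rename does not score.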
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)