Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-02-19_bde4c220ef924e3755ffe1d9281cd31a_cryptolocker

  • Size

    93KB

  • Sample

    240219-tdaj1afc8v

  • MD5

    bde4c220ef924e3755ffe1d9281cd31a

  • SHA1

    76c90546bb64cd9010014a6ce2e8a56e35ba6d53

  • SHA256

    009218b51dfc7cc3235c3f8a10cb74e2e29a2b134db83ab76fca109421fbf658

  • SHA512

    349f19fd49011f37768d6457319e79fe516cd34d6ef9097f7b07507ea2bc6fbcb94a10ed325dbdf06617a9a46246c8e6b703cb5691c28a5124d09849eb7f7776

  • SSDEEP

    1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgpYM:AnBdOOtEvwDpj6ze

Score
10/10
upx

Malware Config

Targets

    • Target

      2024-02-19_bde4c220ef924e3755ffe1d9281cd31a_cryptolocker

    • Size

      93KB

    • MD5

      bde4c220ef924e3755ffe1d9281cd31a

    • SHA1

      76c90546bb64cd9010014a6ce2e8a56e35ba6d53

    • SHA256

      009218b51dfc7cc3235c3f8a10cb74e2e29a2b134db83ab76fca109421fbf658

    • SHA512

      349f19fd49011f37768d6457319e79fe516cd34d6ef9097f7b07507ea2bc6fbcb94a10ed325dbdf06617a9a46246c8e6b703cb5691c28a5124d09849eb7f7776

    • SSDEEP

      1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgpYM:AnBdOOtEvwDpj6ze

    Score
    9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks