General

  • Target

    2024-02-20_72aee8a945ba8fc28330b0d674b90b77_cryptolocker

  • Size

    89KB

  • Sample

    240220-nqpa2agb72

  • MD5

    72aee8a945ba8fc28330b0d674b90b77

  • SHA1

    3ce61f2dbf228bd7093df9c5d3c652a99afde3b5

  • SHA256

    addff22bf83f7cf2f2c7844cdc387a4cd56b0b80555ade6826c2c79f765e0e49

  • SHA512

    952d14d9639f765019bb97942097e059ca1a9b9b4510bea39978a88955fd91eeef7572e5445da972861d396479c249faa753b93b3489cb77966d5390b7933824

  • SSDEEP

    1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwMgdxN:AnBdOOtEvwDpj6z9

Score
10/10
upx

Targets

    • Target

      2024-02-20_72aee8a945ba8fc28330b0d674b90b77_cryptolocker

    Score
    9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
