Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-02-24_81f464dd00141b7784c084b88c89f06d_virlock
-
Size
652KB
-
Sample
240224-hdf61ada2y
-
MD5
81f464dd00141b7784c084b88c89f06d
-
SHA1
aac4db3d5e000e5f7ed26a3f914b6c8cfb941c5c
-
SHA256
30a3ecc0b679a97e4a1f790e41537a4295cd4c2ff92577cb1daafd747749de82
-
SHA512
13d0538783600ffb2b520ef8ae0139ea25987e8394a25e921247458fe3872c098d3a1bbc442c62ca9a0f08f46b871e4eedde4be9e99d0e8fe5034e2302a10fce
-
SSDEEP
12288:60IcF+Sz07x25mkE/1i9Y1u4CNlY6bKokR+NDDgJK:zfV07YmJ131mlY6fDDg8
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-24_81f464dd00141b7784c084b88c89f06d_virlock.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-02-24_81f464dd00141b7784c084b88c89f06d_virlock.exe
Resource
win10v2004-20240221-en
Malware Config
Targets
-
-
Target
2024-02-24_81f464dd00141b7784c084b88c89f06d_virlock
-
Size
652KB
-
MD5
81f464dd00141b7784c084b88c89f06d
-
SHA1
aac4db3d5e000e5f7ed26a3f914b6c8cfb941c5c
-
SHA256
30a3ecc0b679a97e4a1f790e41537a4295cd4c2ff92577cb1daafd747749de82
-
SHA512
13d0538783600ffb2b520ef8ae0139ea25987e8394a25e921247458fe3872c098d3a1bbc442c62ca9a0f08f46b871e4eedde4be9e99d0e8fe5034e2302a10fce
-
SSDEEP
12288:60IcF+Sz07x25mkE/1i9Y1u4CNlY6bKokR+NDDgJK:zfV07YmJ131mlY6fDDg8
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (58) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1