Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-03-12_eb873ffd4adf5f15a375368355607d97_cryptolocker
-
Size
30KB
-
Sample
240312-zg3b3sae7z
-
MD5
eb873ffd4adf5f15a375368355607d97
-
SHA1
56ba7951dfe1eaddf4795f53a0ac6f112cfe0970
-
SHA256
ece5ad551199df059cda82742a7f63acdabc41dce540c356061d8b929ccae429
-
SHA512
022cb4715d22ce1b5d6f94837614fa2749ad93eb7b3b1707196c21f6495df4f1d2f049d0e56b182505c8f88b4c927ab60f17f5bbd7a2298ef8641aef76adf51c
-
SSDEEP
768:bFKGtXi0sh3VD4dniNfjfI0S16avdrQFiLjJvtd:bFxhi0shVD4diNT7oc+vd
Behavioral task
behavioral1
Sample
2024-03-12_eb873ffd4adf5f15a375368355607d97_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-12_eb873ffd4adf5f15a375368355607d97_cryptolocker.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-03-12_eb873ffd4adf5f15a375368355607d97_cryptolocker
-
Size
30KB
-
MD5
eb873ffd4adf5f15a375368355607d97
-
SHA1
56ba7951dfe1eaddf4795f53a0ac6f112cfe0970
-
SHA256
ece5ad551199df059cda82742a7f63acdabc41dce540c356061d8b929ccae429
-
SHA512
022cb4715d22ce1b5d6f94837614fa2749ad93eb7b3b1707196c21f6495df4f1d2f049d0e56b182505c8f88b4c927ab60f17f5bbd7a2298ef8641aef76adf51c
-
SSDEEP
768:bFKGtXi0sh3VD4dniNfjfI0S16avdrQFiLjJvtd:bFxhi0shVD4diNT7oc+vd
Score9/10-
Detection of CryptoLocker Variants
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-