Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-04-05_4673e2e17f61aca171b381467f34830a_cryptolocker
-
Size
42KB
-
Sample
240405-nwr9wabe32
-
MD5
4673e2e17f61aca171b381467f34830a
-
SHA1
1980e57bbefdd9776d15d36ad35068db75aa7f63
-
SHA256
d0fd9d8d57cc3c779a74576bbad0eb74a04a4c6c6c783536bad7105071ad9ca8
-
SHA512
783e94564c426a41308f420b580e8efe1e4cca9f88216a20417feb441e39a71ea58e569f5c38aa869a6f1c0c64f539c91694ab513f4d3c7308674ad982d262d6
-
SSDEEP
768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqhMWKajnuJ:6j+1NMOtEvwDpjrobW
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-05_4673e2e17f61aca171b381467f34830a_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-05_4673e2e17f61aca171b381467f34830a_cryptolocker.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-04-05_4673e2e17f61aca171b381467f34830a_cryptolocker
-
Size
42KB
-
MD5
4673e2e17f61aca171b381467f34830a
-
SHA1
1980e57bbefdd9776d15d36ad35068db75aa7f63
-
SHA256
d0fd9d8d57cc3c779a74576bbad0eb74a04a4c6c6c783536bad7105071ad9ca8
-
SHA512
783e94564c426a41308f420b580e8efe1e4cca9f88216a20417feb441e39a71ea58e569f5c38aa869a6f1c0c64f539c91694ab513f4d3c7308674ad982d262d6
-
SSDEEP
768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqhMWKajnuJ:6j+1NMOtEvwDpjrobW
Score9/10-
Detection of CryptoLocker Variants
-
Detection of Cryptolocker Samples
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-