Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-04-25_7012431beb1639564fc38e397d58c8bf_cryptolocker
-
Size
62KB
-
Sample
240425-v3klyadb52
-
MD5
7012431beb1639564fc38e397d58c8bf
-
SHA1
fe04c3d8d80026a9d5783c079acd7ab063f37475
-
SHA256
95a117fb31c8bfef895108444f6f2edd7a1431cd30805b2946d653c851be9391
-
SHA512
53e13340f51cf1792169469ab7e243d4b627b5bbcd7a426bef64c422a2198cb2959a3142cf32adad4ece61b3e347c90d849925e7e5418500052c74829fa3a1e9
-
SSDEEP
1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb61vSbgtsiJ:BbdDmjr+OtEvwDpjM8Q
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-25_7012431beb1639564fc38e397d58c8bf_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-25_7012431beb1639564fc38e397d58c8bf_cryptolocker.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-04-25_7012431beb1639564fc38e397d58c8bf_cryptolocker
-
Size
62KB
-
MD5
7012431beb1639564fc38e397d58c8bf
-
SHA1
fe04c3d8d80026a9d5783c079acd7ab063f37475
-
SHA256
95a117fb31c8bfef895108444f6f2edd7a1431cd30805b2946d653c851be9391
-
SHA512
53e13340f51cf1792169469ab7e243d4b627b5bbcd7a426bef64c422a2198cb2959a3142cf32adad4ece61b3e347c90d849925e7e5418500052c74829fa3a1e9
-
SSDEEP
1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb61vSbgtsiJ:BbdDmjr+OtEvwDpjM8Q
Score9/10-
Detection of CryptoLocker Variants
-
Detection of Cryptolocker Samples
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-