General

  • Target: 2024-04-28_f3293df4d1a7668bc663213adfc6d26a_cryptolocker
  • Size: 65KB
  • Sample: 240428-gjd36ahd84
  • MD5: f3293df4d1a7668bc663213adfc6d26a
  • SHA1: 9644e6059e12ee5faab28a1df16cd7cda24ec8ad
  • SHA256: 60ac3ba5b4cb94ecfc94e682bc30dfaf8b58671b0e43ff147bdd7f56afa04608
  • SHA512: d1d6a529973378bed4f47942595000faeeb98b25a2fba4d86e8f8ed581304723d56d649e0c1b04bfa3a6143742276280b37acd5756140170b80542c2b466dfdd
  • SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjYZ8xDyU:1nK6a+qdOOtEvwDpj3

Score: 10/10
upx

Malware Config

Targets

    • Target: 2024-04-28_f3293df4d1a7668bc663213adfc6d26a_cryptolocker
    • Size: 65KB
    • MD5: f3293df4d1a7668bc663213adfc6d26a
    • SHA1: 9644e6059e12ee5faab28a1df16cd7cda24ec8ad
    • SHA256: 60ac3ba5b4cb94ecfc94e682bc30dfaf8b58671b0e43ff147bdd7f56afa04608
    • SHA512: d1d6a529973378bed4f47942595000faeeb98b25a2fba4d86e8f8ed581304723d56d649e0c1b04bfa3a6143742276280b37acd5756140170b80542c2b466dfdd
    • SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjYZ8xDyU:1nK6a+qdOOtEvwDpj3

    Score: 9/10
    • Detection of CryptoLocker Variants

    • Detection of Cryptolocker Samples

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks