Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2024-05-09_3e8595398981d26624de50765fe40928_cryptolocker
-
Size
31KB
-
Sample
240509-y68dysch4s
-
MD5
3e8595398981d26624de50765fe40928
-
SHA1
be14c15906804a6e8ef58f126799cb6aef04e6f7
-
SHA256
f8470599a8954ae9f4c6b57216a54684717fb75976e337c7e09184149aabda48
-
SHA512
fb0add0bb9669e04ac3500718720fa0c7f749af81a182531801ba9ed243b2eb4fec8b1de571c07383992dcc9ad4355cea175f7ed1210af4ac7ae3e2be0a0db23
-
SSDEEP
384:bG74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUGTGOT:bG74zYcgT/Ekd0ryfjp
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-09_3e8595398981d26624de50765fe40928_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-09_3e8595398981d26624de50765fe40928_cryptolocker.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-05-09_3e8595398981d26624de50765fe40928_cryptolocker
-
Size
31KB
-
MD5
3e8595398981d26624de50765fe40928
-
SHA1
be14c15906804a6e8ef58f126799cb6aef04e6f7
-
SHA256
f8470599a8954ae9f4c6b57216a54684717fb75976e337c7e09184149aabda48
-
SHA512
fb0add0bb9669e04ac3500718720fa0c7f749af81a182531801ba9ed243b2eb4fec8b1de571c07383992dcc9ad4355cea175f7ed1210af4ac7ae3e2be0a0db23
-
SSDEEP
384:bG74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUGTGOT:bG74zYcgT/Ekd0ryfjp
Score9/10-
Detection of CryptoLocker Variants
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-