General
-
Target
1c479a22f8c67aa1042d3f51d7b90e336fd025b0e8004bb1a34af067ff797fbe
-
Size
752KB
-
Sample
240514-qct1gagg52
-
MD5
cc358ecddfda2fa50bdf9fe5953d48e3
-
SHA1
c11c56a1ab2651e93068e94ef144fb3d35ca10f3
-
SHA256
1c479a22f8c67aa1042d3f51d7b90e336fd025b0e8004bb1a34af067ff797fbe
-
SHA512
a6009d7481ba7cb149a0db25eaaf170bc04d89db3a44b8d24a0465efc413f1261c75cdfed41f246786a424d01c26ab22ba7242be15f51930e4d1ddd96e74d850
-
SSDEEP
12288:Wwfln/Rt8y4yrT/1X5wfRQopB/h43h7T5ndaSvH92b2Zzfmwof80eoobBz:WwfFZt8y4yTFCfRQoDh4355ndcb9wO2
Static task: static1
Behavioral tasks (task | sample | resource):
behavioral1 | a-7/crypto-locker-1.4.4.1-a7-Runtime/bin/decrypt-a7.exe | win7-20240508-en
behavioral2 | a-7/crypto-locker-1.4.4.1-a7-Runtime/bin/decrypt-a7.exe | win10v2004-20240426-en
behavioral3 | a-7/crypto-locker-1.4.4.1-a7-Runtime/bin/encrypt-a7.exe | win7-20240508-en
behavioral4 | a-7/crypto-locker-1.4.4.1-a7-Runtime/bin/encrypt-a7.exe | win10v2004-20240426-en
behavioral5 | a-8/crypto-locker-1.4.4.1-a8-Runtime/bin/decrypt-a8.exe | win7-20240419-en
behavioral6 | a-8/crypto-locker-1.4.4.1-a8-Runtime/bin/decrypt-a8.exe | win10v2004-20240426-en
behavioral7 | a-8/crypto-locker-1.4.4.1-a8-Runtime/bin/encrypt-a8.exe | win7-20240215-en
behavioral8 | a-8/crypto-locker-1.4.4.1-a8-Runtime/bin/encrypt-a8.exe | win10v2004-20240508-en
behavioral9 | a-9/crypto-locker-1.4.4.1-a9-Runtime/bin/decrypt-a9.exe | win7-20240221-en
behavioral10 | a-9/crypto-locker-1.4.4.1-a9-Runtime/bin/decrypt-a9.exe | win10v2004-20240426-en
behavioral11 | a-9/crypto-locker-1.4.4.1-a9-Runtime/bin/encrypt-a9.exe | win7-20240508-en
behavioral12 | a-9/crypto-locker-1.4.4.1-a9-Runtime/bin/encrypt-a9.exe | win10v2004-20240508-en
Malware Config
Extracted
C:\Users\Public\Desktop\README_LOCKED.txt
Targets
-
-
Target
a-7/crypto-locker-1.4.4.1-a7-Runtime/bin/decrypt-a7.exe
-
Size
949KB
-
MD5
06921f50200d5f4c14ed2b5c778774ae
-
SHA1
96afb847777743595f7a7c412da6c3425e95cfd4
-
SHA256
d007e599337296b1c90d51396952fd07151acf479f2504768fa5f04d07fec760
-
SHA512
a944745c44bc38aef847cd74647edcd5127d8792dfd7f87133bc593ba747fdddb431223000234ccaa60598387b7465da0dea770fb84dadce6bd870a4ccd7eaeb
-
SSDEEP
24576:WpiXhwGNyLRuBHs8AmDDXw9QXwnXiee0EBZAoHt+:+iXy+Hs8AmSinBZAoHt+
Score: 1/10
-
-
Target
a-7/crypto-locker-1.4.4.1-a7-Runtime/bin/encrypt-a7.exe
-
Size
1.2MB
-
MD5
66b9f03ccf1b0c4b2dad55d3f60b040c
-
SHA1
d330988c7baf1ca42ac40a9990a5626894c628c4
-
SHA256
2ce4984a74a36dcdc380c435c9495241db4ca7e107fc2ba50d2fe775fb6b73ce
-
SHA512
c61a75ad69165d3ee6140553b945b2739e2380678fc2fbb0b6df4dd71fef3a3cb1d5f8edf306da119c7be36d9f19a1c6aee208b03472d0f5791ae4c591b0c47b
-
SSDEEP
24576:LuUKt2yozDn6ptlc71LGIsubFK7cjvzYwZDwisVTtgpTph2K/:CUKthozDn6XlAFfjvzBSPT6pTphT/
Score: 10/10
LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
-
Renames multiple (3285) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
-
-
Target
a-8/crypto-locker-1.4.4.1-a8-Runtime/bin/decrypt-a8.exe
-
Size
949KB
-
MD5
18af697495b3cc93bb9847dc24568795
-
SHA1
814d196c47318e19faebe7452c5d35a6ea62e1af
-
SHA256
b5430088a5c947327f5974863d56d86a26a223081a0ba4805131bb036a0e7872
-
SHA512
6f87a67ec71018979d9b3f890873935109ed657c1f75bdbd3300398327c45380ea576acd2e2e18afe7fb4fde27657d8b2522afb01c8415e3e1d4d6dc2063268d
-
SSDEEP
24576:ypiXhwGNyLRuBHs8AmDDXw9QXwnXiee03BdAoHt+:CiXy+Hs8AmSiMBdAoHt+
Score: 1/10
-
-
Target
a-8/crypto-locker-1.4.4.1-a8-Runtime/bin/encrypt-a8.exe
-
Size
1.2MB
-
MD5
d31b5a2c8a26296a207a1528ee6d9258
-
SHA1
9a2a152dee5276ad5dd8340fa8a59025754f7b6d
-
SHA256
d866e83d3f09768f47133eb94050dafff597631a9b1894e6cfe7174d23a4528f
-
SHA512
7b79dda826f4fafbcd19437da1a42b26442e44c6d51e52c36e5804f9705380ff3fe626a94788876076701d38443d521fe195218d1d5c0acdf95595cab666e642
-
SSDEEP
24576:buUKt2yozDn6ptlc71LGIsubFK7cjvzYwZDwisVTtgATpbpK/:SUKthozDn6XlAFfjvzBSPT6ATpbc/
Score: 10/10
LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
-
Renames multiple (4594) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
-
-
Target
a-9/crypto-locker-1.4.4.1-a9-Runtime/bin/decrypt-a9.exe
-
Size
949KB
-
MD5
7b229af4af11067bae852f99a7de58f9
-
SHA1
748b64147607c904093909085f24518cc35f5a28
-
SHA256
0d1159c9bd4a9a8f81190c2269e8be28b0dd51a2198ef47a9c6daa4e7d9fcd2f
-
SHA512
5d4770b840313c0512ca97572f46803ccc966906f3595c662608fbceedff62da2bd1fb8bff1542243bdd99639b2db37e21a5403c59622f061fb07662c64e853e
-
SSDEEP
24576:TpiXhwGNyLRuBHs8AmDDXw9QXwnXiee0WBiAoHt+:9iXy+Hs8AmSiJBiAoHt+
Score: 1/10
-
-
Target
a-9/crypto-locker-1.4.4.1-a9-Runtime/bin/encrypt-a9.exe
-
Size
1.2MB
-
MD5
f59c149db98488ac6b8d621a3d13aeb2
-
SHA1
1da2bd0c0864a2eb4fc43ca93c383e28f5ba461a
-
SHA256
6aa73f492b4dc52322ae8443a730c279c621a99dae4e8cb873c7a96dd4c6561f
-
SHA512
df8e731262c175d5a32ae5cfb8604813adae361c283c39464c9566377067fb1990466797495039d3e3a9d70324f05b47da17a2b92663cf0152321ac8634b6134
-
SSDEEP
24576:ieUKt2yozDn6ptlov1LGIsubFK7cjvzAwZDwisVTtk8TpQWK/:bUKthozDn6XlIFfjvz5SPTu8TpQz/
Score: 10/10
LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
-
Renames multiple (3196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-