General
Target: 2024-05-29_aa71597e3dbeb4accf35ac989307f8b9_cryptolocker
Size: 95KB
Sample: 240529-e8cwaaaf5z
MD5: aa71597e3dbeb4accf35ac989307f8b9
SHA1: 43e63c09d325ae2cf9c142651b21c2db3cd4391c
SHA256: a97c3e527f4fa0465ad13ae5eae6d07be0a6ccc4350cdb9d1f61b850b9f795d9
SHA512: 95f41ebcdac886b6f34b231f8de887216764b5e862f760a575cd99b02e531db2f0c5b7cd585b2b0cbc899d197513a0abe343c0c56f799e8b8595e4797875c03c
SSDEEP: 1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwNgp0+S:AnBdOOtEvwDpj6z1
Behavioral task: behavioral1
Sample: 2024-05-29_aa71597e3dbeb4accf35ac989307f8b9_cryptolocker.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 2024-05-29_aa71597e3dbeb4accf35ac989307f8b9_cryptolocker.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 2024-05-29_aa71597e3dbeb4accf35ac989307f8b9_cryptolocker
Score: 9/10
Detection of CryptoLocker Variants
Detection of Cryptolocker Samples
UPX dump on OEP (original entry point)
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL