Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

bc41543926...18.zip

windows7-x64

1

Documents/...er.exe

windows7-x64

10

Documents/...ll.exe

windows7-x64

9

Documents/...aw.exe

windows7-x64

10

Documents/...ky.exe

windows7-x64

10

Documents/...31.exe

windows7-x64

1

Documents/...3 .exe

windows7-x64

7

Documents/...d9.dll

windows7-x64

10

Documents/...63b.gz

windows7-x64

3

Documents/...bin.gz

windows7-x64

3

Documents/...097.gz

windows7-x64

3

fe2e5d0543...L9.rtf

windows7-x64

4

Documents/...uy.hta

windows7-x64

10

Documents/...st.exe

windows7-x64

7

Documents/...39.exe

windows7-x64

6

Documents/...5c.exe

windows7-x64

6

Documents/...00.exe

windows7-x64

7

out.exe

windows7-x64

3

Documents/...16.zip

windows7-x64

1

Supplement...16.scr

windows7-x64

3

Documents/...ZSFwgb

windows7-x64

1

Documents/...96.exe

windows7-x64

Documents/...ed.exe

windows7-x64

Documents/...70.exe

windows7-x64

9

Documents/...67.exe

windows7-x64

10

Documents/...56.exe

windows7-x64

10

Documents/...ab.exe

windows7-x64

8

Documents/...3a.exe

windows7-x64

8

Documents/...73.exe

windows7-x64

8

Documents/...ry.zip

windows7-x64

1

ed01ebfbc9...aa.exe

windows7-x64

10

Documents/...aa.exe

windows7-x64

10

Resubmissions

22/08/2024, 18:43 UTC

240822-xc563asamh 10

21/08/2024, 17:16 UTC

240821-vtjnaathnq 10

30/06/2024, 00:59 UTC

240630-bcjr6svbkk 10

20/06/2024, 02:02 UTC

240620-cf43ysxbnk 10

20/06/2024, 01:44 UTC

240620-b5v1xawemk 10

19/06/2024, 01:10 UTC

240619-bjmseavfmp 10

18/06/2024, 20:40 UTC

240618-zfwsxawdpa 10

18/06/2024, 13:45 UTC

240618-q2vcjawdle 10

Analysis

  • max time kernel
    140s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/06/2024, 20:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Documents/Ransomware.Locky/Locky.exe

  • Size

    180KB

  • MD5

    b06d9dd17c69ed2ae75d9e40b2631b42

  • SHA1

    b606aaa402bfe4a15ef80165e964d384f25564e4

  • SHA256

    bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3

  • SHA512

    8e54aca4feb51611142c1f2bf303200113604013c2603eea22d72d00297cb1cb40a2ef11f5129989cd14f90e495db79bffd15bd6282ff564c4af7975b1610c1c

  • SSDEEP

    3072:gzWgfLlUc7CIJ1tkZaQyjhOosc8MKi6KDXnLCtyAR0u1cZ86:gdLl4wkZa/UDiD7ukst1H6

Score
10/10
lockyransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky

Processes

  • C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Locky\Locky.exe
    "C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Locky\Locky.exe"
    1⤵
      PID:1628

    Network

    • flag-us
      DNS
      tfejdddyvxyru.yt
      Locky.exe
      Remote address:
      8.8.8.8:53
      Request
      tfejdddyvxyru.yt
      IN A
      Response
    • flag-us
      DNS
      hueyl.fr
      Locky.exe
      Remote address:
      8.8.8.8:53
      Request
      hueyl.fr
      IN A
      Response
    • flag-us
      DNS
      ukblbbyu.pm
      Locky.exe
      Remote address:
      8.8.8.8:53
      Request
      ukblbbyu.pm
      IN A
      Response
    • flag-us
      DNS
      mwdijwf.pw
      Locky.exe
      Remote address:
      8.8.8.8:53
      Request
      mwdijwf.pw
      IN A
      Response
      mwdijwf.pw
      IN A
      162.249.64.234
    • flag-us
      DNS
      duwqhitndg.nl
      Locky.exe
      Remote address:
      8.8.8.8:53
      Request
      duwqhitndg.nl
      IN A
      Response
    • flag-us
      DNS
      cpolwwijoiugtu.in
      Locky.exe
      Remote address:
      8.8.8.8:53
      Request
      cpolwwijoiugtu.in
      IN A
      Response
    • 162.249.64.234:80
      mwdijwf.pw
      Locky.exe
      152 B
       120 B
       3
      3
    • 86.104.134.144:80
      Locky.exe
      152 B
       3
    • 162.249.64.234:80
      mwdijwf.pw
      Locky.exe
      152 B
       120 B
       3
      3
    • 86.104.134.144:80
      Locky.exe
      152 B
       3
    • 162.249.64.234:80
      mwdijwf.pw
      Locky.exe
      152 B
       80 B
       3
      2
    • 86.104.134.144:80
      Locky.exe
      152 B
       3
    • 8.8.8.8:53
      tfejdddyvxyru.yt
      dns
      Locky.exe
      62 B
       122 B
       1
      1

      DNS Request

      tfejdddyvxyru.yt

    • 8.8.8.8:53
      hueyl.fr
      dns
      Locky.exe
      54 B
       112 B
       1
      1

      DNS Request

      hueyl.fr

    • 8.8.8.8:53
      ukblbbyu.pm
      dns
      Locky.exe
      57 B
       117 B
       1
      1

      DNS Request

      ukblbbyu.pm

    • 8.8.8.8:53
      mwdijwf.pw
      dns
      Locky.exe
      56 B
       72 B
       1
      1

      DNS Request

      mwdijwf.pw

      DNS Response

      162.249.64.234

    • 8.8.8.8:53
      duwqhitndg.nl
      dns
      Locky.exe
      59 B
       130 B
       1
      1

      DNS Request

      duwqhitndg.nl

    • 8.8.8.8:53
      cpolwwijoiugtu.in
      dns
      Locky.exe
      63 B
       116 B
       1
      1

      DNS Request

      cpolwwijoiugtu.in

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1628-0-0x00000000001B0000-0x00000000001B4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/1628-1-0x0000000000400000-0x00000000007D1000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1628-3-0x0000000000400000-0x00000000007D1000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1628-7-0x0000000000400000-0x00000000007D1000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1628-8-0x0000000000400000-0x00000000007D1000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1628-11-0x0000000000400000-0x00000000007D1000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1628-12-0x0000000000400000-0x00000000007D1000-memory.dmp

      Filesize

      3.8MB

      Download

    • memory/1628-13-0x0000000000400000-0x00000000007D1000-memory.dmp

      Filesize

      3.8MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.