cryptolocker | 2f22149afadb4f6a8d48a15a2d7858b2b0b2c75e934a5c83e02d6e4626231010 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

hel.txt

windows7-x64

Sharing

General

Target

vm.zip
Size

3.6MB
Sample

250203-w59jhsyqh1
MD5

4265e07f7603566c1fc7cd20cb7185c4
SHA1

871767407e110bb5f10a13a57af1ca0e4922e607
SHA256

2f22149afadb4f6a8d48a15a2d7858b2b0b2c75e934a5c83e02d6e4626231010
SHA512

f2ff0273ddf29608d6b64919fd2d5389d4792f40b8c39ba8bbdd0804a3339903b2d157af66119154e732d516a164ed88f85da9a76a2c185dca301fd787a02a48
SSDEEP

98304:u3lexRo6sf3lexRo6duxurvVgVGiYaae8Sj3:u3kxof3kx4xurvoZYpeR

Score

10^/10

cryptolocker bootkit defense_evasion discovery persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

hel.txt

Resource

win7-20240903-en

cryptolocker bootkit defense_evasion discovery persistence ransomware

windows7-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  hel.txt
- Size
  
  892B
- MD5
  
  b345c18d07cd75bbf50ebe6e5cd2c028
- SHA1
  
  5a4c5379eeeecd8c738b71819dce2b902af7403f
- SHA256
  
  15c86a3137b696fcb99e075a6369cbdc6f71a14f84150b7abf72823677393cee
- SHA512
  
  7ed61b75339b768c4f40bca8815405b073e6945199c4edbe982e9dc18ced81819887fcebcbfdf0086edc9c735938b0bad04bbc668356f07c396c7e2f9bc5b7e1
Score

10^/10

cryptolocker bootkit defense_evasion discovery persistence ransomware
- CryptoLocker
  Ransomware family with multiple variants.
  ransomware cryptolocker
- Cryptolocker family
  cryptolocker
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

cryptolockerbootkitdefense_evasiondiscoverypersistenceransomware

© 2018-2025

Terms | Privacy