Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    131s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2023, 18:32

General

  • Target

    414d9a928f8967c5a91bf5d0133c97ed_cryptolocker_JC.exe

  • Size

    87KB

  • MD5

    414d9a928f8967c5a91bf5d0133c97ed

  • SHA1

    41e1f407520068f4c8f0e20b4c59a448cf77f4c1

  • SHA256

    3884e4e961a49ecffdf7bf2d0bb4bbbb10e758059a5a2e15f2c66975fd9b004a

  • SHA512

    5f265aadb587cae7d034911ee1ba2c20d71549d1666d0eb8b61a96ff2be7180bf9bafc2db5f6ecd56a5f2861085c8a8788bf8c8fca6213b48765c773bf465b04

  • SSDEEP

    1536:zj+soPSMOtEvwDpj4ktBl01hJl8QAPM8Ho6cRDjF:zCsanOtEvwDpjw

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\414d9a928f8967c5a91bf5d0133c97ed_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\414d9a928f8967c5a91bf5d0133c97ed_cryptolocker_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    88KB

    MD5

    9b09a941d82792f72a313668d916654f

    SHA1

    6034168c3447449f6a4e0da92f96ad3dba56d44e

    SHA256

    d0e5aa1d32c707c5fab3865cdb633bda832c5de93c551633805d3776c0305174

    SHA512

    810a8da2a74aefa79a03f0a8a8de2c5ab93e6ac4fc23e689b4a9e4e4cb53c0b31427bcb4794e0a72a17276f497b7a18f089e043142c2b2e9f7515a0fdee6c65e

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    88KB

    MD5

    9b09a941d82792f72a313668d916654f

    SHA1

    6034168c3447449f6a4e0da92f96ad3dba56d44e

    SHA256

    d0e5aa1d32c707c5fab3865cdb633bda832c5de93c551633805d3776c0305174

    SHA512

    810a8da2a74aefa79a03f0a8a8de2c5ab93e6ac4fc23e689b4a9e4e4cb53c0b31427bcb4794e0a72a17276f497b7a18f089e043142c2b2e9f7515a0fdee6c65e

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    88KB

    MD5

    9b09a941d82792f72a313668d916654f

    SHA1

    6034168c3447449f6a4e0da92f96ad3dba56d44e

    SHA256

    d0e5aa1d32c707c5fab3865cdb633bda832c5de93c551633805d3776c0305174

    SHA512

    810a8da2a74aefa79a03f0a8a8de2c5ab93e6ac4fc23e689b4a9e4e4cb53c0b31427bcb4794e0a72a17276f497b7a18f089e043142c2b2e9f7515a0fdee6c65e

  • memory/596-69-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/596-71-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

  • memory/596-72-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

  • memory/596-79-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1372-54-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

  • memory/1372-53-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/1372-56-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

  • memory/1372-55-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

  • memory/1372-67-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB