Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 135s
max time network: 144s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 08/08/2023, 15:23
Behavioral task behavioral1
Sample: 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe
Resource: win7-20230712-en
Behavioral task behavioral2
Sample: 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe
Resource: win10v2004-20230703-en
General
Target: 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe
Size: 71KB
MD5: 96d2e1bc5de48a518e0cf7a01db47231
SHA1: 84fd697e72aab98b15732e82bff717ff58a7b40d
SHA256: f81ad96288d0e3303762997dba26b85670b99bb1b98c3ea54845b025a82db8d9
SHA512: 49506fb40f9b80a6e06a101b135298648da101ac4df8c43f1f3173cda062a0f4044269c84e0ca6f4b9b9774d4a167905c342403ae5180b787949b8465f6c82e2
SSDEEP: 1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOA+z:T6a+rdOOtEvwDpjNN
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid 2232, process asih.exe
Loads dropped DLL (1 IoCs)
  pid 1708, process 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe
  yara_rule matches (rule: upx), by resource:
    behavioral1/memory/1708-54-0x0000000000500000-0x0000000000510000-memory.dmp
    behavioral1/files/0x0007000000012107-65.dat
    behavioral1/files/0x0007000000012107-68.dat
    behavioral1/memory/2232-70-0x0000000000500000-0x0000000000510000-memory.dmp
    behavioral1/memory/1708-69-0x0000000000500000-0x0000000000510000-memory.dmp
    behavioral1/files/0x0007000000012107-79.dat
    behavioral1/memory/2232-80-0x0000000000500000-0x0000000000510000-memory.dmp
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 1708 wrote to memory of 2232 | 1708 | 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe | 28
  PID 1708 wrote to memory of 2232 | 1708 | 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe | 28
  PID 1708 wrote to memory of 2232 | 1708 | 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe | 28
  PID 1708 wrote to memory of 2232 | 1708 | 96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\96d2e1bc5de48a518e0cf7a01db47231_cryptolocker_JC.exe"
  PID: 1708
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  child: C:\Users\Admin\AppData\Local\Temp\asih.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 2232
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 71KB
MD5: 5211ffe271ad1f4eb2df4bf6b3004013
SHA1: 14581cb0d415c71992ad1c031d2ff13efd065dac
SHA256: 2a5db1f0c303b506eeb3abc55459111f81a382cc2dc389f4af28b70b86d2fae3
SHA512: dacbc914d8bbe458a2b3eaceb069c0dd6f991374aa8b1e5b46bde1521c6d4ff8a554c07c98b459aec205050671899b6224136410fd0da712e455aab7e3f90e96