Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 17/08/2023, 15:27
Behavioral task behavioral1
- Sample: 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
- Resource: win7-20230712-en
Behavioral task behavioral2
- Sample: 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
- Resource: win10v2004-20230703-en
General
- Target: 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
- Size: 62KB
- MD5: 14830d9f36653fd16633be626fa762c3
- SHA1: c7d245cecb8719383d9f10f396cbb128cd104229
- SHA256: 22b5cd6de14042d0d44984e4402e4a9b684c4a4d5b22333c197d74ee775149b2
- SHA512: c08da3259efbb553c758cab41c5c06f8472fcf30bbcd010344222cf64a962b254eef2c5bab4a410a8365e9ee00e4fd2a3a4f149eff1ff91418104cd58461a9ca
- SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjYXUXojZJW:1nK6a+qdOOtEvwDpj3
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid / Process:
  3032 asih.exe
- Loads dropped DLL (1 IoC)
  pid / Process:
  2804 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
- Yara rule matches (resource / yara_rule):
  behavioral1/memory/2804-54-0x0000000000500000-0x000000000050F311-memory.dmp upx
  behavioral1/files/0x000e00000001201e-65.dat upx
  behavioral1/memory/2804-69-0x0000000000500000-0x000000000050F311-memory.dmp upx
  behavioral1/memory/2804-67-0x0000000001FF0000-0x0000000002000000-memory.dmp upx
  behavioral1/memory/3032-72-0x0000000000500000-0x000000000050F311-memory.dmp upx
  behavioral1/files/0x000e00000001201e-70.dat upx
  behavioral1/files/0x000e00000001201e-80.dat upx
  behavioral1/memory/3032-82-0x0000000000500000-0x000000000050F311-memory.dmp upx
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / Process / procid_target:
  PID 2804 wrote to memory of 3032 | 2804 | 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe | 28
  PID 2804 wrote to memory of 3032 | 2804 | 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe | 28
  PID 2804 wrote to memory of 3032 | 2804 | 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe | 28
  PID 2804 wrote to memory of 3032 | 2804 | 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe"
  PID: 2804
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\asih.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 3032
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 62KB
  MD5: 5cb74bbe0190ab4e30c6a1c4a43efc7f
  SHA1: 54c157a48edf1600694413569e9d51a501487359
  SHA256: 8ec473b4aa5f7627b51101fa4cf22649117398f83d68fd62222a2c84bf8ded3d
  SHA512: 2dfdd48f21525c3047afe293878278ceaa957aec5b633ad91cd1b1ce2e6198bb0ba2ec45d07a975cc4b415e9cdd71c26523277bfcaf9f55f6ecb5ba7db319b7d