Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/08/2023, 15:27
Behavioral task behavioral1
Sample: 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
Resource: win7-20230712-en
Behavioral task behavioral2
Sample: 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
Resource: win10v2004-20230703-en
General
Target: 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
Size: 62KB
MD5: 14830d9f36653fd16633be626fa762c3
SHA1: c7d245cecb8719383d9f10f396cbb128cd104229
SHA256: 22b5cd6de14042d0d44984e4402e4a9b684c4a4d5b22333c197d74ee775149b2
SHA512: c08da3259efbb553c758cab41c5c06f8472fcf30bbcd010344222cf64a962b254eef2c5bab4a410a8365e9ee00e4fd2a3a4f149eff1ff91418104cd58461a9ca
SSDEEP: 1536:P8mnK6QFElP6n+gymddpMOtEvwDpjYXUXojZJW:1nK6a+qdOOtEvwDpj3
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
pid | Process
4708 | asih.exe

resource | yara_rule
behavioral2/memory/208-133-0x0000000000500000-0x000000000050F311-memory.dmp | upx
behavioral2/files/0x0008000000023276-146.dat | upx
behavioral2/files/0x0008000000023276-148.dat | upx
behavioral2/files/0x0008000000023276-149.dat | upx
behavioral2/memory/208-150-0x0000000000500000-0x000000000050F311-memory.dmp | upx
behavioral2/memory/4708-159-0x0000000000500000-0x000000000050F311-memory.dmp | upx

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 208 wrote to memory of 4708 | 208 | 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe | 83
PID 208 wrote to memory of 4708 | 208 | 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe | 83
PID 208 wrote to memory of 4708 | 208 | 14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe | 83
Processes
C:\Users\Admin\AppData\Local\Temp\14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\14830d9f36653fd16633be626fa762c3_cryptolocker_JC.exe"
  PID: 208
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 208)
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    PID: 4708
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 62KB
MD5: 5cb74bbe0190ab4e30c6a1c4a43efc7f
SHA1: 54c157a48edf1600694413569e9d51a501487359
SHA256: 8ec473b4aa5f7627b51101fa4cf22649117398f83d68fd62222a2c84bf8ded3d
SHA512: 2dfdd48f21525c3047afe293878278ceaa957aec5b633ad91cd1b1ce2e6198bb0ba2ec45d07a975cc4b415e9cdd71c26523277bfcaf9f55f6ecb5ba7db319b7d