Analysis
max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 20/08/2023, 10:35
Static task: static1
Behavioral task: behavioral1
Sample: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe
Resource: win10v2004-20230703-en
General
Target: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe
Size: 45KB
MD5: 50c3e4959db59b1e862e1204aef8f626
SHA1: 6958b6ac7cf5d9ca915d75b9b05c3f9cbf894a37
SHA256: a8a04863dd21972a853612eb631ee09aebf9b331fad88ba7023313b5f51ec4cf
SHA512: 296553e054690771e8b0ea171c28ccc2bae0e911c70b036eee5bda407cb6707a87f245720c7555b0c4ed38fad1553c329f13812ee5d6f404bc232ac4e7846be1
SSDEEP: 768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXKZ:bIDOw9a0DwitDZzo
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 2616, Process: lossy.exe
- Loads dropped DLL (1 IoC)
  PID 532, Process: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 532 wrote to memory of 2616 | pid: 532 | Process: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe | procid_target: 28
  description: PID 532 wrote to memory of 2616 | pid: 532 | Process: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe | procid_target: 28
  description: PID 532 wrote to memory of 2616 | pid: 532 | Process: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe | procid_target: 28
  description: PID 532 wrote to memory of 2616 | pid: 532 | Process: 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe | procid_target: 28
  All four events are the parent (PID 532) writing into the child it has just spawned (PID 2616, lossy.exe). A parent writing into a freshly created child is also what ordinary process creation looks like to this hook, so on its own this signature is low-fidelity; the chain is interesting here because the target is a dropped executable launched from the same Temp directory, not because of the writes themselves.
Processes
- C:\Users\Admin\AppData\Local\Temp\50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe"
  PID: 532 (depth 1)
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
    PID: 2616 (depth 2, child of 532)
    - Executes dropped EXE
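The chain the report records is a classic drop-and-execute: the sample in Temp writes lossy.exe next to itself, launches it, and the four WriteProcessMemory rows all describe that one parent-to-child relationship. The script below is an added example (it is not Triage's code and nothing on the page runs it): it parses the report's own IoC rows, collapses the repeated rows into one parent/child edge, checks that both images live under a user's Temp directory, and compares the dropper's SHA256 from the General section against the dropped file's SHA256 from the Downloads section to tell a genuine second-stage payload from a self-copy. The input strings are copied from this report; the rule names and the `in_user_temp` path test are assumptions of the example, not Triage signatures.

```python
"""Collapse Triage WriteProcessMemory IoCs into a process-tree edge and
classify the drop-and-execute chain. Added example; not part of the report."""
import re
from collections import defaultdict

# Copied verbatim from the report's "Suspicious use of WriteProcessMemory" rows.
WPM_IOCS = """\
PID 532 wrote to memory of 2616 532 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe 28
PID 532 wrote to memory of 2616 532 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe 28
PID 532 wrote to memory of 2616 532 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe 28
PID 532 wrote to memory of 2616 532 50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe 28
"""

# Process table from the report's Processes section: pid -> image path.
PROCESSES = {
    532: r"C:\Users\Admin\AppData\Local\Temp\50c3e4959db59b1e862e1204aef8f626_cryptolocker_JC.exe",
    2616: r"C:\Users\Admin\AppData\Local\Temp\lossy.exe",
}

# SHA256 of the submitted sample (General) and of the dropped file (Downloads).
SAMPLE_SHA256 = "a8a04863dd21972a853612eb631ee09aebf9b331fad88ba7023313b5f51ec4cf"
DROPPED_SHA256 = "bf05306148e52531a703bc3e4beaa786e03187f9f7d81809e69eae1c1fb26dae"

# Row layout: "PID <src> wrote to memory of <dst> <pid> <process image> <procid_target>"
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_wpm(text):
    """Return {(src_pid, dst_pid, src_image, procid_target): event_count}."""
    counts = defaultdict(int)
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            key = (int(m.group(1)), int(m.group(2)), m.group(4), int(m.group(5)))
            counts[key] += 1
    return dict(counts)


def in_user_temp(path):
    """True if the image lives under C:\\Users\\<user>\\AppData\\Local\\Temp (assumed heuristic)."""
    return re.match(r"(?i)^c:\\users\\[^\\]+\\appdata\\local\\temp\\", path) is not None


def classify(wpm_counts, processes, dropper_sha256, dropped_sha256):
    """Emit findings: one per Temp-to-Temp parent/child edge, plus a hash verdict."""
    findings = []
    for (src, dst, _image, _target), n in wpm_counts.items():
        src_path = processes.get(src, "")
        dst_path = processes.get(dst, "")
        if in_user_temp(src_path) and in_user_temp(dst_path):
            findings.append(f"temp_to_temp_child:{src}->{dst} ({n} events)")
    # Different hashes mean the dropper wrote a distinct payload, not a copy of itself.
    if dropper_sha256 != dropped_sha256:
        findings.append("dropped_payload_differs_from_dropper")
    else:
        findings.append("self_copy")
    return findings


if __name__ == "__main__":
    edges = parse_wpm(WPM_IOCS)
    for finding in classify(edges, PROCESSES, SAMPLE_SHA256, DROPPED_SHA256):
        print(finding)
```

On this report the four rows reduce to a single 532 -> 2616 edge, both images sit in the user's Temp directory, and the hashes differ, so the verdict is a distinct dropped payload rather than a self-copy. The same parser works on any Triage report whose WriteProcessMemory rows follow this layout; the Temp-path heuristic is deliberately narrow and should be widened (ProgramData, public folders) before using it as a detection rule.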
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 45KB
  MD5: bb507401e76ed36d980ae9e30f814304
  SHA1: 92761feed019b496723619fd12cdeac6d5d085ff
  SHA256: bf05306148e52531a703bc3e4beaa786e03187f9f7d81809e69eae1c1fb26dae
  SHA512: bf39f254fcbec5de5bdeaec0c745aa9eff43f674fb868bd9c8555678a2a764d6fe1a97934cd945a8e1191b79f3689cd3942f8f3c33a0ae0d91aabbc90785011d