Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
134s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
22/08/2023, 18:57
Static task
static1
Behavioral task
behavioral1
Sample
7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe
Resource
win10v2004-20230703-en
General
-
Target
7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe
-
Size
57KB
-
MD5
7241d1b763f2a3d4a131eb58b9e2b7e3
-
SHA1
711de3fc270abd0af40fc1e827359aa884152999
-
SHA256
d65edea4671e2a274bb9192cb4244e7d48babd633ed4ed59406b76dfe3c25810
-
SHA512
71fbed89bcf92e2d9035694d526377aaa4382d5d35304d63c8b393a5f4308602a0303238d027ea74e2015d99cf54adb39d0337b5f06d6912a51c5db91fb97a70
-
SSDEEP
768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylcbL7uxEUS+:79mqyNhQMOtEvwDpjBPY7xv3gy7ux1S+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2268 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2660 7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2660 wrote to memory of 2268 2660 7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe 28 PID 2660 wrote to memory of 2268 2660 7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe 28 PID 2660 wrote to memory of 2268 2660 7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe 28 PID 2660 wrote to memory of 2268 2660 7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe"C:\Users\Admin\AppData\Local\Temp\7241d1b763f2a3d4a131eb58b9e2b7e3_cryptolocker_JC.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2660 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2268
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57KB
MD554ccf8812d1badcbda8d2905683216bf
SHA1d80c849f0708d84a352dfedd71561a5be204a0ce
SHA2566e3df04cf164defa0fd500c62f2f3c1e6be5db02f8bade7f0d6424fef2b745af
SHA5126365da8ed9829311d60548ab3099bf1913105bf6ec5486c9895ccc094839ecf86328e8a7626e3df2b92448649634064d87aa38a734dc9d7ffc7d49cbf96d0600
-
Filesize
57KB
MD554ccf8812d1badcbda8d2905683216bf
SHA1d80c849f0708d84a352dfedd71561a5be204a0ce
SHA2566e3df04cf164defa0fd500c62f2f3c1e6be5db02f8bade7f0d6424fef2b745af
SHA5126365da8ed9829311d60548ab3099bf1913105bf6ec5486c9895ccc094839ecf86328e8a7626e3df2b92448649634064d87aa38a734dc9d7ffc7d49cbf96d0600
-
Filesize
57KB
MD554ccf8812d1badcbda8d2905683216bf
SHA1d80c849f0708d84a352dfedd71561a5be204a0ce
SHA2566e3df04cf164defa0fd500c62f2f3c1e6be5db02f8bade7f0d6424fef2b745af
SHA5126365da8ed9829311d60548ab3099bf1913105bf6ec5486c9895ccc094839ecf86328e8a7626e3df2b92448649634064d87aa38a734dc9d7ffc7d49cbf96d0600