Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 24/08/2023, 15:36
Static task: static1
Behavioral task: behavioral1
- Sample: 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe
- Resource: win10v2004-20230824-en
General
- Target: 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe
- Size: 117KB
- MD5: 81b68ac19403f706cd0cb6678b2bc97b
- SHA1: 969b875fdab4d470de3f1c4a8c423853469282e4
- SHA256: 06fc338df2bdc6038e24069e94f4e9979bd1f3c961d75dac1e2ac51566a9b9e0
- SHA512: efff07481f2d9b81274cde1d838befef2040ff3df9399444adb7202d8061f13b54fd64e5c1231494b57aa43ac76ed88d8d5602f8628a23c423efa9f473d93873
- SSDEEP: 768:gUQz7yVEhs9+4T/1bytOOtEvwDpjNbZ7uyA36S7MpxRIIXVe3mU9TYwlOBT2:gUj+AIMOtEvwDpjNbwQEIPlemUhYm
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2660 | Process misid.exe
- Loads dropped DLL (1 IoCs)
  pid 1400 | Process 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1400 wrote to memory of 2660 | 1400 | 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe | 28
  PID 1400 wrote to memory of 2660 | 1400 | 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe | 28
  PID 1400 wrote to memory of 2660 | 1400 | 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe | 28
  PID 1400 wrote to memory of 2660 | 1400 | 81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe | 28
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\81b68ac19403f706cd0cb6678b2bc97b_cryptolocker_JC.exe"
  PID: 1400
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - [2] C:\Users\Admin\AppData\Local\Temp\misid.exe (child of PID 1400)
    Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
    PID: 2660
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 117KB
  MD5: e6d45b324069dbeba1ca877918bba414
  SHA1: 3a0bd17db525a3bc355b769a45cd08258c8ae082
  SHA256: 21a2cf10865f22b4dc414eeb38e470ce3474723f98d28eca6a65dcbf41ee836d
  SHA512: 91aadb2cbf74b0b659585d03cc829b9d04d459c2962d7ad3bcbfbe91ee68a0dc6adcd4d4243ab6849270f0959b771eb009f5fb058dcfa5a9f83c35dbfb9652b4