Analysis
- max time kernel: 130s
- max time network: 142s
- platform: windows7_x64
- resource: win7-20231020-en
- resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
- submitted: 22/10/2023, 10:20 UTC
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe
- Resource: win10v2004-20231020-en
General
- Target: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe
- Size: 44KB
- MD5: 7c51b774b72c23e11fb2489aa6eb4a5c
- SHA1: f5dda175bb66d61f0e6bdeb686be153911f1dfbc
- SHA256: 5cca4b73cf871a778d5ccfc50fa2f812e2ab966fba772bc87dea689ffb6283d1
- SHA512: d7b0e20a82b5f39a40009c1341cc05be4948d4df40d8a35df6213bd16584f0ffb02423c976834d2c5749c61bd7363e0839619b9d8e74c61e6c7554ba6899511e
- SSDEEP: 768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr46xdUUMV:vj+jsMQMOtEvwDpj5Hczer5iNV
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2672, Process: misid.exe
- Loads dropped DLL (1 IoCs)
  pid 2144, Process: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2144 wrote to memory of 2672; pid 2144; Process: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe; procid_target 28
  description: PID 2144 wrote to memory of 2672; pid 2144; Process: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe; procid_target 28
  description: PID 2144 wrote to memory of 2672; pid 2144; Process: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe; procid_target 28
  description: PID 2144 wrote to memory of 2672; pid 2144; Process: NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe; procid_target 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2144
   2. C:\Users\Admin\AppData\Local\Temp\misid.exe (child of PID 2144)
      Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      - Executes dropped EXE
      PID: 2672
-
Network
- DNS query
  Remote address: 8.8.8.8:53
  Request: bestccc.com IN A
  Response: bestccc.com IN A 103.14.121.240
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 44KB
  MD5: 4614fb7c4c12041673f1e74df4350eb5
  SHA1: bcdcb4dacb7ffac6bc334628ae056e27b210161b
  SHA256: 2372baf8a63546189cc806b71ded54c408d0ecfd8c0687306a629be9fbd645b5
  SHA512: a6679f3afaed2abbe1f107a36ab1683e9492af41ac1cf0ea365437fa9e55403534ce37606f87157fa6f79404788a5c01a79573ca2d9cceffd483d0cb7383c53b