Analysis
- max time kernel: 150s
- max time network: 156s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 04/01/2024, 15:13
Behavioral tasks
- behavioral1: sample 2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe, resource win7-20231215-en
- behavioral2: sample 2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe, resource win10v2004-20231215-en
The signatures and process tree that follow are taken from behavioral1 (the Windows 7 run); every YARA match path below is prefixed behavioral1/.
General
- Target: 2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe
- Size: 74KB
- MD5: 110e726ba3d8c204545f32831e719c24
- SHA1: a5f73b66b4fee7da435d3a40c1b7805a21664aeb
- SHA256: bf0e262933e7c8c3b504d6f1edd268ead9a6e9f334cc5521de1c91739f926b6d
- SHA512: e800761b36077be0c8ba446d9ed5b0376f14da136d12803d5f485d57359ae08d83033ee56b0a6f99b907f6f6aada7eaebd9af12b7fba29b70e1e53e5e2352091
- SSDEEP: 1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOAkXtBdh:T6a+rdOOtEvwDpjNtH
Malware Config
- (no extracted configuration shown in the report)
Signatures
- Executes dropped EXE (1 IoC)
  PID 2704, process asih.exe
- Loads dropped DLL (1 IoC)
  PID 1756, process 2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe
- YARA rule `upx` (5 matches, all from behavioral1)
  behavioral1/memory/1756-0-0x0000000000500000-0x0000000000510000-memory.dmp
  behavioral1/files/0x0009000000012261-11.dat
  behavioral1/memory/1756-15-0x0000000000500000-0x0000000000510000-memory.dmp
  behavioral1/memory/2704-18-0x0000000000500000-0x0000000000510000-memory.dmp
  behavioral1/memory/2704-27-0x0000000000500000-0x0000000000510000-memory.dmp
  The rule fires on the same 64 KiB region (0x500000-0x510000) in both the parent (1756) and the dropped child (2704), and on a dropped file, so the submitted sample and the executable it drops both appear to be UPX-packed.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1756 wrote to memory of 2704 | pid: 1756 | process: 2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe | procid_target: 28
  (this row is recorded four times)
  All four writes go from the parent (1756) into the child it has just created (2704); the 28 in the procid_target column is the report's internal identifier for that target process, not a Windows PID. A parent writing into a freshly spawned child is normal during process start-up, so these entries on their own do not show injection into an unrelated process.
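As an added example (not part of the Triage report and not the sandbox's own code), the following Python script performs the two checks a practitioner would run on a copy of the sample before trusting this page: it recomputes the MD5/SHA1/SHA256/SHA512 listed under General, and it walks the PE section table looking for the UPX0/UPX1/UPX2 section names that stock UPX leaves behind, which is the on-disk counterpart of the `upx` YARA hits above. The `build_fake_pe` helper and the section names it is called with are constructed test input; the real sample's section layout is not given on this page.

```python
import hashlib
import struct

# Hashes the report lists under General for the submitted sample.
REPORTED = {
    "md5": "110e726ba3d8c204545f32831e719c24",
    "sha1": "a5f73b66b4fee7da435d3a40c1b7805a21664aeb",
    "sha256": "bf0e262933e7c8c3b504d6f1edd268ead9a6e9f334cc5521de1c91739f926b6d",
}

# Section names the stock UPX packer writes; a packer that renames sections defeats this check.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report prints, keyed by hashlib algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every digest in `reported` agrees with the bytes in hand."""
    actual = file_hashes(data)
    return all(actual[name] == value for name, value in reported.items())


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names; [] if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER follows the "PE\0\0" signature
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_of_optional, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_of_optional       # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                   # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                              # truncated file: stop instead of reading junk
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed PE-shaped bytes for offline testing only: DOS stub, COFF header with an
    empty optional header, and a section table. Not derived from the sample on this page."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])   # constructed stand-in
    print("hashes match report:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("UPX section names present:", looks_upx_packed(blob))
```

Run it with the path to the downloaded sample as the only argument; with no argument it exercises the constructed stand-in. The section-name test is deliberately weak on purpose: it tells you whether a file still carries UPX's default layout, while the report's YARA matches on memory dumps show the packer's presence regardless of what the sections are called.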
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe (PID 1756)
  command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 2704, child of 1756)
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    - Executes dropped EXE
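Added example, not part of the Triage report: detection logic that turns the two behaviours visible in the process tree (a Temp-resident executable dropping and running asih.exe, and the parent writing into its child's memory) into findings over a stream of process-creation, file-creation and memory-write events. The event records and their field names are constructed to mirror this report's tree and are not a real sensor schema; PID 1000 is a stand-in for the sandbox launcher the page does not record.

```python
from collections import Counter

# Path fragment that identifies the per-user Temp directory both processes run from.
TEMP_FRAGMENT = "\\appdata\\local\\temp\\"

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\asih.exe"

# Constructed events mirroring the behavioral1 tree. Field names are assumptions, not a
# Sysmon or Triage schema; the file_create event is inferred from "Executes dropped EXE".
EVENTS = [
    {"event": "process_create", "pid": 1756, "ppid": 1000, "image": SAMPLE},
    {"event": "file_create", "pid": 1756, "path": DROPPED},
    {"event": "process_create", "pid": 2704, "ppid": 1756, "image": DROPPED},
] + [{"event": "write_process_memory", "pid": 1756, "target_pid": 2704}] * 4


def in_temp(path: str) -> bool:
    return TEMP_FRAGMENT in path.lower()


def analyze(events):
    """Replay events in order and return the findings an analyst would act on."""
    procs = {}                       # pid -> {"image", "ppid"} for processes seen so far
    created_files = {}               # pid -> set of lower-cased paths that pid wrote
    drop_and_execute = []            # (parent_pid, child_pid, child_image)
    parent_child_writes = Counter()  # (writer_pid, target_pid) -> count
    cross_process_writes = []        # (writer_pid, target_pid) where target is not writer's child

    for ev in events:
        kind = ev["event"]
        if kind == "file_create":
            created_files.setdefault(ev["pid"], set()).add(ev["path"].lower())
        elif kind == "process_create":
            procs[ev["pid"]] = {"image": ev["image"], "ppid": ev["ppid"]}
            parent = procs.get(ev["ppid"])
            dropped_by_parent = ev["image"].lower() in created_files.get(ev["ppid"], set())
            # Flag a Temp-resident child that its parent wrote to disk, or whose parent also
            # runs from Temp: the "Executes dropped EXE" pattern in the report.
            if in_temp(ev["image"]) and (dropped_by_parent or
                                         (parent is not None and in_temp(parent["image"]))):
                drop_and_execute.append((ev["ppid"], ev["pid"], ev["image"]))
        elif kind == "write_process_memory":
            target = procs.get(ev["target_pid"])
            if target is not None and target["ppid"] == ev["pid"]:
                # A parent writing into a child it created is expected during process
                # start-up; count it, but do not treat it as injection on its own.
                parent_child_writes[(ev["pid"], ev["target_pid"])] += 1
            else:
                # Writes into any other process are the ones worth escalating.
                cross_process_writes.append((ev["pid"], ev["target_pid"]))

    return {
        "drop_and_execute": drop_and_execute,
        "parent_child_writes": dict(parent_child_writes),
        "cross_process_writes": cross_process_writes,
    }


if __name__ == "__main__":
    for key, value in analyze(EVENTS).items():
        print(f"{key}: {value}")
```

On the constructed events the script reports one drop-and-execute chain (1756 -> 2704, asih.exe), four parent-to-child memory writes and no cross-process writes, which is exactly the picture the report gives: worth a closer look at the dropped file, but not evidence of injection into another process.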
Network
- (no network activity shown in the report)

MITRE ATT&CK Enterprise v15
- (no technique mapping shown in the report)
Downloads
- Filesize: 74KB
- MD5: 13310f03fb5779596b5802b4d1af58d1
- SHA1: ce0a9068632d6db037a1e1cd207d748df65a69de
- SHA256: 3c18ecd66bd5a6c29fb2d831b150c46e6d2a90a89df9987f083af2a1d2dda01f
- SHA512: 09da8f9d7aa42dd0a410e725ad3ee20aa0003c56f9781a30f82242b653fd7af58f73d4c0573c0386498113815a5ba80f2e27ac2f419138a67863bbd19b70d66d
This download is a different file from the submitted sample (all four digests differ) although it has the same 74KB size; the report does not name it here.