Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
05/01/2024, 05:47
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe
-
Size
38KB
-
MD5
a36b6bab6491287f04d16e33804218b4
-
SHA1
7f4f6cc416f74d6e9b5e0b3f3351dd9b0adb6261
-
SHA256
f38e256818e6b01260c6e67aef5d087ddf5ba4d9792a18cbbc3fc26eb8042299
-
SHA512
994bedee148a03aad5f16e03b3e478486cc2dd0459e20f8ff48ac7fb6012e905dd2c027285b864236369318b7eb1216f50f96a6f6d20f435b97ad31ce21b9f92
-
SSDEEP
768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjeJQLI3Jnoehy543yAZ:V6QFElP6n+gMQMOtEvwDpjeJQy1hySCa
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2660 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 1744 2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1744 wrote to memory of 2660 1744 2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe 28 PID 1744 wrote to memory of 2660 1744 2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe 28 PID 1744 wrote to memory of 2660 1744 2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe 28 PID 1744 wrote to memory of 2660 1744 2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-01_a36b6bab6491287f04d16e33804218b4_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1744 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2660
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
39KB
MD50782446a27f47b7730380293d9e7d6e4
SHA178d790d4a1194635fe526503ad8c9a74bdf35a34
SHA25665fe427a4d55a16b2d08f0fc79b41779879150062f9250ef5e06d015348af967
SHA512f414d6aa6d6d1c5b2e96186fd841d9386e0028d5913cb43f0592cf6666f2ee3186f333a4a1f12dd25d47a20150b334a2d026a81467f403428356a9eedf2e6daf