Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
07/01/2024, 12:17
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe
-
Size
56KB
-
MD5
e4f999b18da32a3a08841c0c1908701e
-
SHA1
ac5c88e85b8544518a8798283d373ff1868ae4b4
-
SHA256
444285996b8cf05a7c309ac65a22f81d22f2a062fe2d6d1847f065f866fd1ca5
-
SHA512
78b3b340e92c70af8b645d06583ef390e55392d0f894c1831425282a19f3be1c471470d018e32bd9ee2411e2760d45a40ef6c37821a5e07ca486ef1fb42a11bb
-
SSDEEP
768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZgBh8i6g7Gowfj6EiU:xj+VGMOtEvwDpjubEgv
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2488 misid.exe -
Loads dropped DLL 1 IoCs
pid Process 1668 2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1668 wrote to memory of 2488 1668 2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe 14 PID 1668 wrote to memory of 2488 1668 2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe 14 PID 1668 wrote to memory of 2488 1668 2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe 14 PID 1668 wrote to memory of 2488 1668 2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe 14
Processes
-
C:\Users\Admin\AppData\Local\Temp\misid.exe"C:\Users\Admin\AppData\Local\Temp\misid.exe"1⤵
- Executes dropped EXE
PID:2488
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_e4f999b18da32a3a08841c0c1908701e_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1668
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57KB
MD5a0a58d0367e99c27f38bb35f07579c10
SHA19301c0879b0b823b668ee72552d0220b644d104e
SHA256c5ecfe27c6ef4a00f2d5df6b0173bb1d66a14b8f5970e7d3c6511479dcf13998
SHA51222f5d5333ea6bff0bfc53dbe9f5a963eda26f38a4c197c6890ec8178ac92ed4381cec9c724ede22884dca40d64530b2a5f5ab8c43bf267356c412841137eb069