Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
09/01/2024, 06:42
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe
-
Size
73KB
-
MD5
7688ca8f750159fd834b8c5dc423205d
-
SHA1
1a3ec3460296e1ade68db3b8eabe01a1b9db6b28
-
SHA256
28cd81043f7ad4fbed9311521f3bc76c57c44e75e2dbc05b7b0f109363babb03
-
SHA512
07321a8de2062db9a6b415ba384ef735744d39561a3cf9732bf70a13e7f0ab7eba7e72f8942349f7ca15f72ef205d233bb54860f58070d8987a44991c5584e79
-
SSDEEP
1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3K0:ZVxkGOtEvwDpjcaz
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2880 misid.exe -
Loads dropped DLL 1 IoCs
pid Process 2972 2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2972 wrote to memory of 2880 2972 2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe 28 PID 2972 wrote to memory of 2880 2972 2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe 28 PID 2972 wrote to memory of 2880 2972 2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe 28 PID 2972 wrote to memory of 2880 2972 2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-08_7688ca8f750159fd834b8c5dc423205d_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Users\Admin\AppData\Local\Temp\misid.exe"C:\Users\Admin\AppData\Local\Temp\misid.exe"2⤵
- Executes dropped EXE
PID:2880
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
73KB
MD5d62c1ca03d440fc906bdb3289371a5f9
SHA1a45b591d6473d591eaeaf77d9bea496b5c64b6d6
SHA256caa866b01733597bbced284bc150cb90add9fb8456bc2eb291dadb7430911859
SHA512b0ae297c7f2322f2ae561b54e9a6a9a466b14a443c427590097f718a5236f443c59e70cb9abdf7bfce701d45b0768895558927f66f1b151ce9e89c8bbfe22868