Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
157s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
12/01/2024, 06:02
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe
-
Size
48KB
-
MD5
8a1b1e82834662e1d919c623a52ef163
-
SHA1
e743caf390cfc416bf4fd202b92af70fc66e23cb
-
SHA256
ff86dcf5bc96c2c02bc92892f6026aeeeb5b167da778b1e86104046e2b61e549
-
SHA512
b1c5a84e74a71b51193ecb1299aa9c7a242a7202ac704b64fc8069f2d0566e886815da02e55af91af43624b3dc5072eca0458503fc2103fc8f5bcd70e671a156
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09viE:X6QFElP6n+gJBMOtEvwDpjBtE9
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2728 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2024 2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2024 wrote to memory of 2728 2024 2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe 22 PID 2024 wrote to memory of 2728 2024 2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe 22 PID 2024 wrote to memory of 2728 2024 2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe 22 PID 2024 wrote to memory of 2728 2024 2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe 22
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-11_8a1b1e82834662e1d919c623a52ef163_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2024 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2728
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
48KB
MD5ef25e60e25d7b185f79d6bb568ac7b21
SHA18e867f4d5d34d56e8e2c3909729c1c1da11ec13e
SHA256e0d98b7620421d4a4eb3942c22769717ba265f14aac395cfd7d116c1c7553162
SHA5125f16d75643c89a0aaffe6e764e7d79e4447404238c9314b4675c0fee98f3a9af9b1194cafbd6bf0ba416c7ac70f0b8418d65ffe9faebc2d4dbb1fbbfad669002