Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
22/01/2024, 20:42 UTC
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe
-
Size
55KB
-
MD5
ae8f7f05d74442d58624577dfed88fa2
-
SHA1
3c2d3f9414b2c133661367f7d061654414a2e73e
-
SHA256
b6e00bd2607dc5f70c5c1a5f8887dbd00e12bd1ba2c6951dcf4f174c3d3248d4
-
SHA512
d02f21d51632641930275cbea1587375dba050f2e6f1fe787682f9e76d254741682c3b7f4720ccc0318238474c16f5112a820ab9990537387534d1d48ebde4ce
-
SSDEEP
1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb61o:BbdDmjr+OtEvwDpjMa
Malware Config
Signatures
-
Detection of CryptoLocker Variants 6 IoCs
resource yara_rule behavioral1/memory/2752-1-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_rule2 behavioral1/files/0x000a000000013a1a-11.dat CryptoLocker_rule2 behavioral1/memory/2752-13-0x00000000023A0000-0x00000000023B0000-memory.dmp CryptoLocker_rule2 behavioral1/memory/2752-16-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_rule2 behavioral1/memory/3008-17-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_rule2 behavioral1/memory/3008-27-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_rule2 -
Detection of Cryptolocker Samples 4 IoCs
resource yara_rule behavioral1/memory/2752-1-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_set1 behavioral1/memory/2752-16-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_set1 behavioral1/memory/3008-17-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_set1 behavioral1/memory/3008-27-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_set1 -
UPX dump on OEP (original entry point) 6 IoCs
resource yara_rule behavioral1/memory/2752-1-0x0000000000500000-0x0000000000510000-memory.dmp UPX behavioral1/files/0x000a000000013a1a-11.dat UPX behavioral1/memory/2752-13-0x00000000023A0000-0x00000000023B0000-memory.dmp UPX behavioral1/memory/2752-16-0x0000000000500000-0x0000000000510000-memory.dmp UPX behavioral1/memory/3008-17-0x0000000000500000-0x0000000000510000-memory.dmp UPX behavioral1/memory/3008-27-0x0000000000500000-0x0000000000510000-memory.dmp UPX -
Executes dropped EXE 1 IoCs
pid Process 3008 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2752 2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2752 wrote to memory of 3008 2752 2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe 28 PID 2752 wrote to memory of 3008 2752 2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe 28 PID 2752 wrote to memory of 3008 2752 2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe 28 PID 2752 wrote to memory of 3008 2752 2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-22_ae8f7f05d74442d58624577dfed88fa2_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2752 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:3008
-
Network
-
Remote address:8.8.8.8:53Requestemrlogistics.comIN AResponseemrlogistics.comIN CNAMEtraff-5.hugedomains.comtraff-5.hugedomains.comIN CNAMEhdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.comhdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.comIN A54.161.222.85hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.comIN A34.205.242.146
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
152 B 3
-
52 B 1
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
56KB
MD5091bb4f3e837515c52fbe869eb5feb8e
SHA11148a05816da70310f708f7a006791e0d61ed0f5
SHA25607cddc56f2b5bf1c0a96fd50aa777cef139938c2529900d2d3a6cf82272b2f93
SHA5123bd632b113fa63b67ebd62b49fee97d201d3146bf35b5bd486adf97b534d3e6719b2dbede16c76c2cb0019017b5674c328dc5de5a3b2db1813cb1c0b8e83a052