Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
24/01/2024, 03:29
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe
-
Size
72KB
-
MD5
2eaa19f1f553a26538f62b873fc044b6
-
SHA1
5852d16ae7eb6f1cfdbcaf39806a1dd47d4c73c1
-
SHA256
cfd61ccef0f2339102ded1f11792ed37f459736299330ba51f70623380be6713
-
SHA512
4d7c2feef7d63a5b5f6b865ff4e778d7a4f5eb922c22dcbdc39e64ed8a97ff656efd8b0d4f124f63dadd826f6f742b97b4444823ddcb8bbca8dd9ab24a92fbb5
-
SSDEEP
1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1Me:X6a+SOtEvwDpjBZYvQd2j
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x000900000001447e-10.dat CryptoLocker_rule2 -
Detection of Cryptolocker Samples 1 IoCs
resource yara_rule behavioral1/files/0x000900000001447e-10.dat CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 2296 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 1680 2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1680 wrote to memory of 2296 1680 2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe 28 PID 1680 wrote to memory of 2296 1680 2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe 28 PID 1680 wrote to memory of 2296 1680 2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe 28 PID 1680 wrote to memory of 2296 1680 2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-24_2eaa19f1f553a26538f62b873fc044b6_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1680 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2296
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD577f3a33dffd08f3b15825b78693c1817
SHA14dba4f5eb71c39e2a3e9e1efe1b722e54e7a4c8f
SHA2568273f041a64e0da91f90a6dab5c283129fa2117d64a5620a2117e391a3f07cb7
SHA512c86bf1e3c707b8392fad339f586f976c03eef908491e177d5d9be68e08ad444e5def123c33c5ded6127dc92c0929b4a417512923cbcaa20426f911c597b95042