Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 28/01/2024, 03:32
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe
  Resource: win10v2004-20231222-en
General
Target: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe
Size: 39KB
MD5: 7d5ce2a3ea42c29393c4c52b5eed82c5
SHA1: 113a68984c5437efba94bfb6fe554285d665136b
SHA256: 085b8a6962c36ef8b6244019396c7823c9daadabad3726f543f9a92e19d27313
SHA512: dc526a400bf09cce3c84a54b5072b4fdde6c8f1c17580942e146079010e6746b9cacef3f6ded071ba344e01a41979ab320f7207364f8ace9e98c8baf8325fc26
SSDEEP: 768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6Dy8POKK:bIDOw9a0Dwo3P1ojvUSDhs
Malware Config
Signatures
Detection of CryptoLocker Variants (1 IoCs)
  resource: behavioral1/files/0x0009000000014826-10.dat  yara_rule: CryptoLocker_rule2
Executes dropped EXE (1 IoCs)
  pid: 2228  Process: lossy.exe
Loads dropped DLL (1 IoCs)
  pid: 2356  Process: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2356 wrote to memory of 2228  pid: 2356  Process: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe  procid_target: 28
  description: PID 2356 wrote to memory of 2228  pid: 2356  Process: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe  procid_target: 28
  description: PID 2356 wrote to memory of 2228  pid: 2356  Process: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe  procid_target: 28
  description: PID 2356 wrote to memory of 2228  pid: 2356  Process: 2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe  procid_target: 28
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-28_7d5ce2a3ea42c29393c4c52b5eed82c5_cryptolocker.exe"
  PID: 2356
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
    PID: 2228
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 39KB
MD5: 4f4078fd00cb9b670828dc1d50d009c1
SHA1: 4134d6f5693d9285740a988ebb2a116726afb5e4
SHA256: b99d19f48b74b044dae80c4919819f4f5a93b63964018ba2a0f4ce48bceec9a7
SHA512: 513afa7798f67ea3d449c7bf774dc2aee587bfe6edba21eb3cc11016e9dbaed0b14ec8ed87b6af0bb0824149b7fb279401e11498e1e59bd1c2a8a9ca2100865a