Analysis

max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 28/01/2024, 20:31
Static task: static1

Behavioral task: behavioral1
Sample: 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe
Resource: win10v2004-20231215-en
General

Target: 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe
Size: 104KB
MD5: 7b618fe40e5a5a4970d47d96e97e06c1
SHA1: ab2fd5a4868c6fab70a90eb91ae50317de2a57fb
SHA256: c69b5379d3b9aa80fe171060f03d36bbc7feeb03358e1a3cd4474061fb3c3d86
SHA512: 11c2b1687c3515428cd04b130277f3dbbe8489d7c29fdf378131d2454747b9d4547005169977ab366c9d62f6ce66b664794f99cef9997d8e7c9584656c357f9e
SSDEEP: 768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZ7uyA36S7MpxRiWjy9g:xj+VGMOtEvwDpjubwQEIikug
Malware Config
Signatures

- Detection of CryptoLocker Variants (5 IoCs)
  resource | yara_rule
  behavioral1/memory/2132-0-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_rule2
  behavioral1/files/0x000900000001222a-11.dat | CryptoLocker_rule2
  behavioral1/memory/2132-15-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_rule2
  behavioral1/memory/2364-17-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_rule2
  behavioral1/memory/2364-28-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_rule2

- Detection of Cryptolocker Samples (5 IoCs)
  resource | yara_rule
  behavioral1/memory/2132-0-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_set1
  behavioral1/files/0x000900000001222a-11.dat | CryptoLocker_set1
  behavioral1/memory/2132-15-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_set1
  behavioral1/memory/2364-17-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_set1
  behavioral1/memory/2364-28-0x0000000000500000-0x0000000000510000-memory.dmp | CryptoLocker_set1

- Detects executables built or packed with MPress PE compressor (5 IoCs)
  resource | yara_rule
  behavioral1/memory/2132-0-0x0000000000500000-0x0000000000510000-memory.dmp | INDICATOR_EXE_Packed_MPress
  behavioral1/files/0x000900000001222a-11.dat | INDICATOR_EXE_Packed_MPress
  behavioral1/memory/2132-15-0x0000000000500000-0x0000000000510000-memory.dmp | INDICATOR_EXE_Packed_MPress
  behavioral1/memory/2364-17-0x0000000000500000-0x0000000000510000-memory.dmp | INDICATOR_EXE_Packed_MPress
  behavioral1/memory/2364-28-0x0000000000500000-0x0000000000510000-memory.dmp | INDICATOR_EXE_Packed_MPress

- Executes dropped EXE (1 IoCs)
  pid | Process
  2364 | misid.exe

- Loads dropped DLL (1 IoCs)
  pid | Process
  2132 | 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2132 wrote to memory of 2364 | 2132 | 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe | 28
  PID 2132 wrote to memory of 2364 | 2132 | 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe | 28
  PID 2132 wrote to memory of 2364 | 2132 | 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe | 28
  PID 2132 wrote to memory of 2364 | 2132 | 2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe | 28
Processes

- C:\Users\Admin\AppData\Local\Temp\2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-28_7b618fe40e5a5a4970d47d96e97e06c1_cryptolocker.exe"
  PID: 2132
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory

  - C:\Users\Admin\AppData\Local\Temp\misid.exe (child of PID 2132)
    Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
    PID: 2364
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 104KB
MD5: 3a4fa04b74ab8966fe859071fa3b78dc
SHA1: bb8300f9eed6d9143166cedf8b9818f6b5cab89c
SHA256: 7cd8b67abfe2543f32ba78bd691e6edc54cbf4b40a5d1f5782b5f8e7e5715bc6
SHA512: 3b24a0d98839f577422cf07b79cc2b28ee142d7e2b51ad466b0bf76b31469b3c48a45f6a18d529d7fde630d43313a8a0cc31c87d096fd50df6b1191c3aaaae3a