Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
13/02/2024, 12:45
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe
-
Size
94KB
-
MD5
5b04b3c707c96fd645e2eb294ed88cd1
-
SHA1
4515c6b9c98999aecba122377b0c151a8a38a025
-
SHA256
f25f12098ab431c5191bf168daa27265710f8cbcdd807c6f95fed4dd622dbb6a
-
SHA512
9d889d1d51ff9d43e0c119eb371630b68410ee41c6c7ae8d9d06792a2115bf582ec0e36f380074e7c2f20cd80e6c56cb02f78ec0376eef5f4ec9aaaef3d36bff
-
SSDEEP
1536:Z6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNC4w2w:Z6a+pOtEvwDpjtzk
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x00090000000120e1-10.dat CryptoLocker_rule2 -
Detection of Cryptolocker Samples 1 IoCs
resource yara_rule behavioral1/files/0x00090000000120e1-10.dat CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 2912 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2140 2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2140 wrote to memory of 2912 2140 2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe 22 PID 2140 wrote to memory of 2912 2140 2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe 22 PID 2140 wrote to memory of 2912 2140 2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe 22 PID 2140 wrote to memory of 2912 2140 2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe 22
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2912
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
94KB
MD540476bb384f413cc470d2bfea8ab4cc6
SHA1f1adfaa9fd6898332a14aec674a1f76400b5b10d
SHA256df1ef3789d2c945f19b4de605085df4bcbbdcf5c96bb861bfcb04ffa833c3657
SHA51204e2fc24da7883a9ae51cadbd88036c6ff459b5c602992e8be32c81a3aa31e847d5fd86747a5053c9725b5987f9b9010d563031e295cd44db2edbcfecd414ff7