Analysis
-
max time kernel
146s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
14/02/2024, 07:14
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe
-
Size
40KB
-
MD5
dd1373d512af977e0cf9547b3f29cecd
-
SHA1
6a424f57982dad36b7f931b87a5d8e2b8dd0835d
-
SHA256
d6bf637d1c5a3b535f9e2e086b507e13b1fdbd8444e50198662a3b5f4c3fd18d
-
SHA512
10a33d95216b07cda527f7e047142eca361792aa9bc63c3efc2c6c201df00acc77a62e0c2e041d1f1491af624d5c15395b46be87a5646f8d7b46db74e0fb5db3
-
SSDEEP
768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754XcwxbFqJzJ:bxNrC7kYo1Fxf3s05rwxbFSt
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource | yara_rule
behavioral1/files/0x000c00000001224c-10.dat | CryptoLocker_rule2
-
Executes dropped EXE 1 IoCs
pid | Process
2456 | pissa.exe
-
Loads dropped DLL 1 IoCs
pid | Process
2296 | 2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2296 wrote to memory of 2456 | 2296 | 2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe | 28
PID 2296 wrote to memory of 2456 | 2296 | 2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe | 28
PID 2296 wrote to memory of 2456 | 2296 | 2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe | 28
PID 2296 wrote to memory of 2456 | 2296 | 2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe | 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2296 -
C:\Users\Admin\AppData\Local\Temp\pissa.exe
"C:\Users\Admin\AppData\Local\Temp\pissa.exe"
- Executes dropped EXE
PID:2456
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
40KB
MD5
cfb12de02423ba6eba7e984766a8d652
SHA1
5f09a78e4c9a4e4ef84a737dec853ed579990e67
SHA256
4a49dffc002ecf69a42a1eb6324c25dcd3f75e25b9686b5f19f7ee38335fe91e
SHA512
a88a8d93a7edc7c4422a1a347b8d1910e46acebf11b9773d796e0195a640d75a1220880d72390b332540c4aff67fc49ce0747174f49bda2f3407b2a1f7d96299