Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 14/02/2024, 08:06
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe
- Resource: win10v2004-20231222-en
General
- Target: 2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe
- Size: 48KB
- MD5: a5eee7bbabd3cd43dd761e06b99e9cfe
- SHA1: d3b80a1d2420b113357feb30a7c2d20f4f812e2e
- SHA256: 4820e5d62b12d843bd8718015bf3effb8f45b90c19128f546d99e27639e21d01
- SHA512: 4f6b7dcd0facf1424f013456c3a02cf781efe10d4a326512894bddf65c17e13ffd9e32b6724ab1afa8105e62bcb002cc0fcaa435b3154a1a121daa38f1a9d943
- SSDEEP: 1536:V6QFElP6n+gMQMOtEvwDpjeJQ7pojakNfW:V6a+pOtEvwDpjt
Malware Config
Signatures
- Detection of CryptoLocker Variants (1 IoC)
  resource: behavioral1/files/0x000c0000000122db-10.dat
  yara_rule: CryptoLocker_rule2
- Detection of Cryptolocker Samples (1 IoC)
  resource: behavioral1/files/0x000c0000000122db-10.dat
  yara_rule: CryptoLocker_set1
- Executes dropped EXE (1 IoC)
  pid: 2668
  process: asih.exe
- Loads dropped DLL (1 IoC)
  pid: 828
  process: 2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid  process                                                           procid_target
  PID 828 wrote to memory of 2668  828  2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe  28
  PID 828 wrote to memory of 2668  828  2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe  28
  PID 828 wrote to memory of 2668  828  2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe  28
  PID 828 wrote to memory of 2668  828  2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe (PID 828)
  command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-14_a5eee7bbabd3cd43dd761e06b99e9cfe_cryptolocker.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 2668, child of PID 828)
    command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 49KB
  MD5: bee4463c98c3ebeba351988de64f4b3b
  SHA1: c1b0fc2346afa01bd842c167db60da6fa8a7f9e8
  SHA256: 81e213e3cb09c8eec58a7612fd3b9db6b872e768546119f318b4db0eab784066
  SHA512: 0fd9748ab296ee99ef8f9af7c1bf4027370a81a959828f8f5b828788865cc09d7c54dce6ffe21c0ae45c3799419c7a9b71639b4da4f7e721682ee63c9488f9ad