Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
21/02/2024, 14:18
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe
Resource
win10v2004-20240221-en
General
-
Target
2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe
-
Size
50KB
-
MD5
fb50b92a05db797d4d9d79235a83129f
-
SHA1
31795fc9127794aaeb538e7ff57ca318cac55715
-
SHA256
d148566a8913d46190de342c51df02c1f4db345f978678b3803da207736acd6b
-
SHA512
ed7162690b82b9198c7293f02efed5eb32bf3e754029a3b137696c6cd1f59c97b244ee0451bebfadab7e1d2846039f52d09e85772f2106682ab749d8fffc4be6
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vxmlcaf:X6QFElP6n+gJBMOtEvwDpjBtExmln
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x000e000000012247-10.dat CryptoLocker_rule2 -
Detection of Cryptolocker Samples 1 IoCs
resource yara_rule behavioral1/files/0x000e000000012247-10.dat CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 2648 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2032 2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2032 wrote to memory of 2648 2032 2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe 28 PID 2032 wrote to memory of 2648 2032 2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe 28 PID 2032 wrote to memory of 2648 2032 2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe 28 PID 2032 wrote to memory of 2648 2032 2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-21_fb50b92a05db797d4d9d79235a83129f_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2032 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2648
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
50KB
MD576ed47a1e0aa2b1e4d8de9f7d65b8d34
SHA1dd06951f80af5283ec586da45c703854a3b849a0
SHA25648803549e73d521eb730fe071b857625e3040d3fcbfe9bedfe927c22c67f8e1d
SHA512931c9ef2cc2445810c484607c40f44e5d9806a858cf946eb2722ccf771b88bacde6744276f7ca32e5f33acd56822c2294dfde2714e4b0c75f6b25c98a726b973