Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22/02/2024, 20:24
General
-
Target
2024-02-22_04c99e35fd5111cc96bb6be41e692ddb_cryptolocker.exe
-
Size
78KB
-
MD5
04c99e35fd5111cc96bb6be41e692ddb
-
SHA1
fd0d469f077f0521556d769493626329651cf4d1
-
SHA256
e5c3fc20195d3ef46d94a063fe7d8efb9dfd3781f9f64afa6b6d04cf0be36cb6
-
SHA512
a52d4f3160529fbe0dccca0df6e866f6b85802b5d81598dd5695b1943af6424a24daf7e095409030cad83ecceeef58334e5668a5e562a3d7f88806764950ebc4
-
SSDEEP
1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfWaO02:vCjsIOtEvwDpj5H9YvQd2w
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Detection of Cryptolocker Samples 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\misid.exe"C:\Users\Admin\AppData\Local\Temp\misid.exe"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_04c99e35fd5111cc96bb6be41e692ddb_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_04c99e35fd5111cc96bb6be41e692ddb_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
78KB
MD5fa2abe4ae55bfc2cb8b3031f8f1bc4e6
SHA1c1942d0edfcf9a5f139e158bf4de707e4258ead1
SHA2563ac4600966eb972c939d67cf20e1c872a3b3e6e70859a00b6c009fa62d87829b
SHA512cbced8231e1aa6eee07bf34f0858d61e31a82ad9397353de0278c3fb03d8cb9c9c82877b5b9d58bd5b5444ef9c57555148ee75592da8eae3f365b2760e248af4
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB