Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 153s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 22/02/2024, 19:38
Static task
static1
Behavioral task
behavioral1
Sample
2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe
Resource
win10v2004-20240221-en
General
Target: 2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe
Size: 70KB
MD5: 5eb4183b4341b6f34433ea0d925f2e31
SHA1: 66b89ebbe530268ce5264c04df1cf307d1824623
SHA256: b7c4ff4b8fca48c2258723c9442f63bccd1f2aa072b629bb4de6338baa1c1a84
SHA512: 73c78637901613cc356ba33964c0f27d8bdcc665fd3dcbf7135b18258f7c4d33ee7ffdafe7e4f9667e83b6f63f1cde7b64df327a709506b8a6c3598ef0bcc9e3
SSDEEP: 1536:Dk/xY0sllyGQMOtEvwDpjwycDtKkQZQRKb61vSbgZ3QzNKUNZOX:DW60sllyWOtEvwDpjwF85g
Malware Config
Signatures
Detection of CryptoLocker Variants (4 IoCs)
resource  yara_rule
behavioral1/memory/2456-0-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_rule2
behavioral1/files/0x0008000000012262-11.dat  CryptoLocker_rule2
behavioral1/memory/2456-15-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_rule2
behavioral1/memory/2520-16-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_rule2

Detection of Cryptolocker Samples (4 IoCs)
resource  yara_rule
behavioral1/memory/2456-0-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_set1
behavioral1/files/0x0008000000012262-11.dat  CryptoLocker_set1
behavioral1/memory/2456-15-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_set1
behavioral1/memory/2520-16-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_set1

Executes dropped EXE (1 IoCs)
pid  Process
2520  asih.exe

Loads dropped DLL (1 IoCs)
pid  Process
2456  2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
description  pid  Process  procid_target
PID 2456 wrote to memory of 2520  2456  2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe  28
PID 2456 wrote to memory of 2520  2456  2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe  28
PID 2456 wrote to memory of 2520  2456  2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe  28
PID 2456 wrote to memory of 2520  2456  2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-22_5eb4183b4341b6f34433ea0d925f2e31_cryptolocker.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2456
   2. C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 2456)
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      - Executes dropped EXE
      PID: 2520
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 24544b5a3c713a3121dd5b386bef606f
SHA1: 7705332fa6fbc0ef14fbcafbf3ec0316e939a340
SHA256: e1dd667c5a4311572dc0a60b88af30493d380bc4ae270f95f8a9249c419bb8a9
SHA512: 901d6f03e662e11500047aa6b52fba171de9521398a384f402d6fe8fdb1503527d7a23b8e63f631564fb4ff4c80444c5cd04c8eddbb4ebc0e4fb1e36426a2b4c