Analysis
max time kernel: 148s
max time network: 149s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 08/03/2024, 06:17
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe
Size: 58KB
MD5: c28d68e8f7ce595201aa87e10f781060
SHA1: 560e89e99c13127aee9b3360de683b47852806b9
SHA256: 9b61561bc5061b51089f6a56d805aff939c2cc014b4efbc20acb98ebce66a2f2
SHA512: 9e21793b452ce3b4893e71623c9546ddf490779c91d70d9a05f3d8b7d88bde1261509dd7577e1018a87cdadd67d3ec4a2f15da8a301210ad80d2b543fcf569c7
SSDEEP: 1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMV:TCjsIOtEvwDpj5HE/OUHnSMm
Malware Config
Signatures

Detection of CryptoLocker Variants (5 IoCs)
resource  yara_rule
behavioral1/memory/3028-0-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
behavioral1/files/0x000900000001224d-11.dat  CryptoLocker_rule2
behavioral1/memory/3028-15-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
behavioral1/memory/2540-16-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
behavioral1/memory/2540-26-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2

Detection of Cryptolocker Samples (5 IoCs)
resource  yara_rule
behavioral1/memory/3028-0-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
behavioral1/files/0x000900000001224d-11.dat  CryptoLocker_set1
behavioral1/memory/3028-15-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
behavioral1/memory/2540-16-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
behavioral1/memory/2540-26-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1

Executes dropped EXE (1 IoCs)
pid  Process
2540  misid.exe

Loads dropped DLL (1 IoCs)
pid  Process
3028  2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (4 IoCs)
description  pid  Process  procid_target
PID 3028 wrote to memory of 2540  3028  2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe  28
PID 3028 wrote to memory of 2540  3028  2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe  28
PID 3028 wrote to memory of 2540  3028  2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe  28
PID 3028 wrote to memory of 2540  3028  2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-08_c28d68e8f7ce595201aa87e10f781060_cryptolocker.exe"
  Loads dropped DLL
  Suspicious use of WriteProcessMemory
  PID: 3028
  └ C:\Users\Admin\AppData\Local\Temp\misid.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      Executes dropped EXE
      PID: 2540
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 58KB
MD5: e5698a3015dcd109fd1e04a64c1e9812
SHA1: e847f7bad31b8e266b2a44c945ca2b3446e084a9
SHA256: 9c6fba5d16e44ad19d18b9931689e70b312f6c57fa6e5f09f6a5c02bc01f68ab
SHA512: 6bb009ba2334c777963566244964f8a51630f58a1e5dd44e1eb3da84f583bb6f482838da6681159887d4a1b18fdd9592af9b4fe59001e12c8e6ff5e43e92ca3b