Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
09/03/2024, 18:40
Static task
static1
Behavioral task
behavioral1
Sample
2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe
-
Size
54KB
-
MD5
5e7be9acce715f6d462185933bc1e4f6
-
SHA1
d3e3bc2a7691a9f5b5a5dbdda4a4c1d917812409
-
SHA256
fd27e3d3a13d766d722c5f6ef1e3db0945b12f00207890bb65e1ce7d7e0a35cb
-
SHA512
1bcc859c5073876728b028aa850f137a42807bc0a22f7500d29d6bf552c1bd2c0fdc3cbffde6b5d3be37cce0d66547e0a213d93b8cb633233de4aac9d72dea3d
-
SSDEEP
768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylSV/CCjgB:79mqyNhQMOtEvwDpjBPY7xv3g8OB
Malware Config
Signatures
-
Detection of CryptoLocker Variants 4 IoCs
resource yara_rule behavioral1/memory/2204-0-0x0000000000500000-0x000000000050F000-memory.dmp CryptoLocker_rule2 behavioral1/files/0x000b000000012257-11.dat CryptoLocker_rule2 behavioral1/memory/2204-15-0x0000000000500000-0x000000000050F000-memory.dmp CryptoLocker_rule2 behavioral1/memory/1984-16-0x0000000000500000-0x000000000050F000-memory.dmp CryptoLocker_rule2 -
Detection of Cryptolocker Samples 4 IoCs
resource yara_rule behavioral1/memory/2204-0-0x0000000000500000-0x000000000050F000-memory.dmp CryptoLocker_set1 behavioral1/files/0x000b000000012257-11.dat CryptoLocker_set1 behavioral1/memory/2204-15-0x0000000000500000-0x000000000050F000-memory.dmp CryptoLocker_set1 behavioral1/memory/1984-16-0x0000000000500000-0x000000000050F000-memory.dmp CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 1984 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2204 2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2204 wrote to memory of 1984 2204 2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe 28 PID 2204 wrote to memory of 1984 2204 2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe 28 PID 2204 wrote to memory of 1984 2204 2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe 28 PID 2204 wrote to memory of 1984 2204 2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-09_5e7be9acce715f6d462185933bc1e4f6_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:1984
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
55KB
MD59acf851064741df6094966befe567d25
SHA11a21f195b0ecc02d16ad462731bc8e91842f0758
SHA25624844386bea9cbc96cd40e79f5d03f014c6779b3f6007d7a28e929626fcb9dc3
SHA51210dd96b08b677bf6130bf941bd28f795d528c3b62343f29979547af67fcc2ff04fcd75c2493ffa3b914d09860c1edd85dc0cc14eab7295925436095d58d168c4