Analysis
- max time kernel: 149s
- max time network: 163s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 14/03/2024, 11:43
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe
  Resource: win10v2004-20240226-en
General
- Target: 2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe
- Size: 43KB
- MD5: 96f3ab8c3dc0a5e9494a435d431be9f2
- SHA1: 57bedeed3c74de5325835d3fc9a9640641f13d7c
- SHA256: d7bf4ab9d33b0bf92042c89ddfc52ab85f9298a8edfaba1640aa3c5a8e7b249e
- SHA512: 19090495769795e82d46d892202913e01e9a8dc7907adbd3eba1e0b1efcfe06e0900d1f00c1e4e540db2223416c0e9a859789069b44dca80e569838bb7046923
- SSDEEP: 768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPN:P6QFElP6k+MRQMOtEvwDpjBQpVXs
Malware Config
Signatures
- Detection of CryptoLocker Variants (5 IoCs)
  resource                                                                    yara_rule
  behavioral1/memory/856-0-0x0000000000500000-0x000000000050B000-memory.dmp   CryptoLocker_rule2
  behavioral1/files/0x000d0000000122f1-11.dat                                 CryptoLocker_rule2
  behavioral1/memory/856-15-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_rule2
  behavioral1/memory/3044-17-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2
  behavioral1/memory/3044-26-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_rule2
- Detection of Cryptolocker Samples (5 IoCs)
  resource                                                                    yara_rule
  behavioral1/memory/856-0-0x0000000000500000-0x000000000050B000-memory.dmp   CryptoLocker_set1
  behavioral1/files/0x000d0000000122f1-11.dat                                 CryptoLocker_set1
  behavioral1/memory/856-15-0x0000000000500000-0x000000000050B000-memory.dmp  CryptoLocker_set1
  behavioral1/memory/3044-17-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1
  behavioral1/memory/3044-26-0x0000000000500000-0x000000000050B000-memory.dmp CryptoLocker_set1
- Executes dropped EXE (1 IoCs)
  pid   Process
  3044  asih.exe
- Loads dropped DLL (1 IoCs)
  pid   Process
  856   2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid   Process                                                          procid_target
  PID 856 wrote to memory of 3044  856   2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe    28
  PID 856 wrote to memory of 3044  856   2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe    28
  PID 856 wrote to memory of 3044  856   2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe    28
  PID 856 wrote to memory of 3044  856   2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe    28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-14_96f3ab8c3dc0a5e9494a435d431be9f2_cryptolocker.exe"
  Depth: 1
  PID: 856
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\asih.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    Depth: 2
    PID: 3044
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 43KB
  MD5: e25d608c258f2848bac562710307de08
  SHA1: 8768dd45d6709332c3ce914ae6b4dc3b01ca3bbb
  SHA256: 2aeabbd182d788c40cbbe21043b63d74d30072f58635b35953bd555391bb2d28
  SHA512: 67a60135307fdf3ab11daf5a44fa2f248b4e59f47f95983b5d1064e1ea8edc4c61c3aa72cf363fd20c1ddc1277722a954d34c46b3d968736caea80be71d922a9