Analysis
max time kernel: 171s
max time network: 186s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26/03/2024, 17:26
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe
  Resource: win10v2004-20231215-en
General
Target: 2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe
Size: 80KB
MD5: 36373d568bd8470592e1e8e916f582f9
SHA1: 0591702b2648a6d40b30433802f83ce099adc36f
SHA256: df44309d16ae8834b856dbc950bbadfd04ddc671e5df1cf9c03f1e2f86339400
SHA512: c34fa3f20c3d87d7ff24400492d054bedaeac72570e0fe25bbcaa9bb40c7bce45dc68b348d08cd8949a4c69f1fba3c936e272f9a54a092f00ae02d8521780cb9
SSDEEP: 1536:Tj+jsMQMOtEvwDpj5HmpJpOUHECgNMo0vp2EMMrX:TCjsIOtEvwDpj5HE/OUHnSM9
Malware Config
Signatures
Detection of CryptoLocker Variants (5 IoCs)
  resource  yara_rule
  behavioral1/memory/2296-0-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
  behavioral1/files/0x000c00000001339f-11.dat  CryptoLocker_rule2
  behavioral1/memory/2848-16-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
  behavioral1/memory/2296-15-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
  behavioral1/memory/2848-25-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_rule2
Detection of Cryptolocker Samples (5 IoCs)
  resource  yara_rule
  behavioral1/memory/2296-0-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
  behavioral1/files/0x000c00000001339f-11.dat  CryptoLocker_set1
  behavioral1/memory/2848-16-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
  behavioral1/memory/2296-15-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
  behavioral1/memory/2848-25-0x0000000000500000-0x000000000050E000-memory.dmp  CryptoLocker_set1
Executes dropped EXE (1 IoCs)
  pid   Process
  2848  misid.exe
Loads dropped DLL (1 IoCs)
  pid   Process
  2296  2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                                        procid_target
  PID 2296 wrote to memory of 2848  2296  2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe  27
  PID 2296 wrote to memory of 2848  2296  2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe  27
  PID 2296 wrote to memory of 2848  2296  2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe  27
  PID 2296 wrote to memory of 2848  2296  2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe  27
Processes
1. C:\Users\Admin\AppData\Local\Temp\2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-26_36373d568bd8470592e1e8e916f582f9_cryptolocker.exe"
   PID: 2296
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\misid.exe (child of PID 2296)
      Command line: "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      PID: 2848
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 81KB
MD5: f4aabe6a4f69695f3fa5823f9626592e
SHA1: 3ec2ce58ada22fbdefd910aa4ce7486a994bbb0e
SHA256: 03125e40a843de01c20ad4d39960d9d5c7dd8c9d178cabede2abc5da092e00f2
SHA512: 827ab569fc58862117fcdec4fb8f347a53b1426062a89e8e9e0e921ebcbe2715c4a4b67655dd35e9422ed6d3395cb9feca18ade9ea8c4b9d5ede8a649a03d4b4