Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
154s -
max time network
164s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
09/04/2024, 03:30
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe
-
Size
54KB
-
MD5
1549b492774b17f0e7b565d94c1ecc8c
-
SHA1
186062e260ce03fe6e6c6df1e321d60f3f1b325c
-
SHA256
1aad327033e01ce8c14231a9bee884da55b390f6bbbf9f809e9785056a25600b
-
SHA512
e46ee1982a993ae650de0460b1f5be75f56f09f7584ca4c109a78de1776183754ca71617801ea81c72bfdb665ad1715aad5f785b5e95ef2bb97b6d07b39f2e4b
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vaTiSfQaV2LJb5:X6QFElP6n+gJBMOtEvwDpjBtE1yILJF
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x0008000000012226-13.dat CryptoLocker_rule2 -
Detection of Cryptolocker Samples 1 IoCs
resource yara_rule behavioral1/files/0x0008000000012226-13.dat CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 2504 asih.exe -
Loads dropped DLL 1 IoCs
pid Process 2460 2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2460 wrote to memory of 2504 2460 2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe 28 PID 2460 wrote to memory of 2504 2460 2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe 28 PID 2460 wrote to memory of 2504 2460 2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe 28 PID 2460 wrote to memory of 2504 2460 2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-09_1549b492774b17f0e7b565d94c1ecc8c_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2460 -
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
PID:2504
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD5b273d08fd3b761da0f9efae2fe5d3577
SHA128a3db82dd729a5730412bc51c469a20cebf6c3c
SHA256d8334315c8314d477c28d78d687a1382289a5045408bfd2808a42b6aa4fac737
SHA512e5050a8d74f10406ff53dcde72cf20c63769126771ab334d78aca2040076fb90f8d52c4a3a427fc7a867aec12c5e895531b542446b3d3d0a61f3340a13124141