Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
03/05/2024, 04:46
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe
-
Size
54KB
-
MD5
b99bf6956a34496b750f3ca00672e7de
-
SHA1
c84e2bddda1407c18346a7c8e8c10d098aceaf8d
-
SHA256
4752db76a06d8f728354a190b30422aadf2a9ce5f8bcce873703fd38cb41fe48
-
SHA512
17902454e535584ff51f66533947ea2817f080ce87d302aca053c98aeb6c3ec2c14446ea53be8076726d335d1f69e50167b1edbc1f683c3c4485870822037ed4
-
SSDEEP
1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdO5Uom:ZVxkGOtEvwDpjcA
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x000e000000012279-10.dat CryptoLocker_rule2 -
Executes dropped EXE 1 IoCs
pid Process 2712 misid.exe -
Loads dropped DLL 1 IoCs
pid Process 3000 2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3000 wrote to memory of 2712 3000 2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe 28 PID 3000 wrote to memory of 2712 3000 2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe 28 PID 3000 wrote to memory of 2712 3000 2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe 28 PID 3000 wrote to memory of 2712 3000 2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-03_b99bf6956a34496b750f3ca00672e7de_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\Users\Admin\AppData\Local\Temp\misid.exe"C:\Users\Admin\AppData\Local\Temp\misid.exe"2⤵
- Executes dropped EXE
PID:2712
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD57125c6787db2f15999588fd156add751
SHA1e0712c3891bf62945c73ae6cbebf8c1d29c4b205
SHA2563afd50dce5f4906369d90e78085cf63ce07513a8e14e033abb1c65e2f1348bf6
SHA512742e7aaad03d0303a8e9486da62779b3468f68fd5dc333cc82faabb491aad93c4aa388d027d4eccffc586d163e6d795bfb6e2d207f3a1758915b1b2b22c7d752