Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03/05/2024, 15:29
General
-
Target
2024-05-03_986857b6e5dd207bdae00aa89bc35c9c_cryptolocker.exe
-
Size
37KB
-
MD5
986857b6e5dd207bdae00aa89bc35c9c
-
SHA1
5abc792fa112537b55a94748df0b5774da8e05f7
-
SHA256
44c333534980e561f853b50225f51d4ba3faa6bd90f424f38986b52d4657cdd8
-
SHA512
6a2bdfb4ac75a3ab9a27a2c3398d2b63f84f2e59b3ef9bc8a9e47496b39228925ea6bb8415f918e363ecc4f10a3b48170418d9b228e49bc69ac19fe7537acb2a
-
SSDEEP
768:b7o/2n1TCraU6GD1a4Xt9bRU6zA6o36mI1k:bc/y2lLRU6zA6qp
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-03_986857b6e5dd207bdae00aa89bc35c9c_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-03_986857b6e5dd207bdae00aa89bc35c9c_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\rewok.exe"C:\Users\Admin\AppData\Local\Temp\rewok.exe"2⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD52810f85a734549e387a0412f0257d8f7
SHA168c8bc6ca603fd0738a3173dde90acccff204102
SHA256a48b3559abe53a7548c40be796f2405cb12dad1b955fcfdd2d1a04bb3089848a
SHA5123cf3178307c394eb7127095e18825c8721645ae07f5d0caf1b9bfc3cacc1ad5cc10e2429586b6edef9d378d6a1928bbe2a71b9c83d1931780058a9143a4bf99e
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB