Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 133s
- max time network: 144s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 31/05/2024, 12:50
Static task: static1

Behavioral task: behavioral1
- Sample: 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe
- Resource: win10v2004-20240508-en
General
- Target: 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe
- Size: 87KB
- MD5: e8878deb1cc685f51f348226878a53bd
- SHA1: 453a30b64bc9742a0eb9aafefea997be29a7bc3c
- SHA256: dd89c21cd77a57e0d4a34246b01c140ee1bef38d862c6e3abcdca8049bfb3bf3
- SHA512: 9b6dfd286419aa486308edebe6badec31b8f403e72bdff4b030b01b6209d1ca961deacf809c128f2f929b9f19e56e2545f63955f4f6b62b25daa628f13a2a644
- SSDEEP: 1536:V6QFElP6n+gMQMOtEvwDpjyaLccVNl6ad:V6a+pOtEvwDpjvp5
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid: 2364, Process: asih.exe
- Loads dropped DLL (1 IoCs)
  pid: 2220, Process: 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       | pid  | Process                                                   | procid_target
  PID 2220 wrote to memory of 2364  | 2220 | 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe  | 30
  PID 2220 wrote to memory of 2364  | 2220 | 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe  | 30
  PID 2220 wrote to memory of 2364  | 2220 | 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe  | 30
  PID 2220 wrote to memory of 2364  | 2220 | 20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe  | 30
Processes
1. C:\Users\Admin\AppData\Local\Temp\20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\20240531e8878deb1cc685f51f348226878a53bdcryptolocker.exe"
   PID: 2220
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\asih.exe (child of the process above)
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      PID: 2364
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 87KB
  MD5: 22e8da495547f5af3733bca57c191d03
  SHA1: c1d8ace37ad1e6a9326e96a0543dc660e1a27baa
  SHA256: 048bed5a2bf0c263d4ac371041565757a1a49c6142194b7486a5aaf2f0b4580a
  SHA512: a81e00d08f44590494609c678628ca8bbdbcf40a5ff7af402d3b57af8ca30625aa0af6236d533f3fae5d545e4291367ab587a2e7bf6d75d14747a8c3716b1776