Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
10/06/2024, 02:25
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe
-
Size
49KB
-
MD5
ffb5e536307cf11067f864e3833217db
-
SHA1
9bbe338b2297d33cba61a7053ff5800e31d2f2c7
-
SHA256
1438c035b7bd29cf71ae2eb3728474d47224d4baf18bc0c36e66653947860abd
-
SHA512
17bd4cf5c201b33155702bd839effefa8958c5381af8b2a535aa2650af522afe9ae9d4e7f82c6d9a0e6d7307dfd1733290cd47e75caece1d96f817d98ea8c7e6
-
SSDEEP
768:xQz7yVEhs9+4uR1bytOOtEvwDpjWE6BLbjG9RzhwaRhAEFo:xj+VGMOtEvwDpjy+TRhxu
Malware Config
Signatures
-
Detection of CryptoLocker Variants 4 IoCs
resource yara_rule behavioral2/memory/4404-0-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_rule2 behavioral2/memory/4404-17-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_rule2 behavioral2/files/0x0008000000022f51-16.dat CryptoLocker_rule2 behavioral2/memory/912-48-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_rule2 -
Detection of Cryptolocker Samples 4 IoCs
resource yara_rule behavioral2/memory/4404-0-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_set1 behavioral2/memory/4404-17-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_set1 behavioral2/files/0x0008000000022f51-16.dat CryptoLocker_set1 behavioral2/memory/912-48-0x0000000000500000-0x0000000000510000-memory.dmp CryptoLocker_set1 -
Detects executables built or packed with MPress PE compressor 4 IoCs
resource yara_rule behavioral2/memory/4404-0-0x0000000000500000-0x0000000000510000-memory.dmp INDICATOR_EXE_Packed_MPress behavioral2/memory/4404-17-0x0000000000500000-0x0000000000510000-memory.dmp INDICATOR_EXE_Packed_MPress behavioral2/files/0x0008000000022f51-16.dat INDICATOR_EXE_Packed_MPress behavioral2/memory/912-48-0x0000000000500000-0x0000000000510000-memory.dmp INDICATOR_EXE_Packed_MPress -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation 2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe"1⤵
- Checks computer location settings
PID:4404 -
C:\Users\Admin\AppData\Local\Temp\misid.exe"C:\Users\Admin\AppData\Local\Temp\misid.exe"2⤵PID:912
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
49KB
MD5b36259ad63ebb94ef8f6480cff491452
SHA1810e4c51aeb8284efb08b3d12f0a229bf8ec97e0
SHA256e1832ac2af83851f70e2563f9fd6479aec601c81e6173ff8ef7da0a62b652a1d
SHA5129fe6fa35b3b48c21fe1fe6206d9ad84e7dd5fd88374d74428d8868bf2110643c87b55da588d147917e7f0562752d826e336a66c400628507f30e2d0f5d66ef90
-
Filesize
315B
MD5a34ac19f4afae63adc5d2f7bc970c07f
SHA1a82190fc530c265aa40a045c21770d967f4767b8
SHA256d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
SHA51242e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765