Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
11/06/2024, 03:43
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe
-
Size
67KB
-
MD5
cad294d69fa8e38f3dd1f551aedd3ed3
-
SHA1
bbb1c69c0fe0e9fbe5f35fe311c05817cdaf11bc
-
SHA256
431ee188b631a051fa93a900652fafc3cb088c5052a1ada2e76f0d5a3bf9f03f
-
SHA512
5c7e1403fd26c19b29bf18098adcf7fe6124c01d052eeb52010ad26ccc784dd101974e53bc19940d26dbde6673bbb222c4f3c5dc591154d7c5a11b2c597f08aa
-
SSDEEP
1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszudnYTjipvF293vaRLEV:aq7tdgI2MyzNORQtOflIwoHNV2XBFV79
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule behavioral1/files/0x000b000000015605-10.dat CryptoLocker_rule2 -
Detection of Cryptolocker Samples 1 IoCs
resource yara_rule behavioral1/files/0x000b000000015605-10.dat CryptoLocker_set1 -
Executes dropped EXE 1 IoCs
pid Process 868 hurok.exe -
Loads dropped DLL 1 IoCs
pid Process 2240 2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of UnmapMainImage 2 IoCs
pid Process 2240 2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe 868 hurok.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2240 wrote to memory of 868 2240 2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe 28 PID 2240 wrote to memory of 868 2240 2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe 28 PID 2240 wrote to memory of 868 2240 2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe 28 PID 2240 wrote to memory of 868 2240 2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-11_cad294d69fa8e38f3dd1f551aedd3ed3_cryptolocker.exe"1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2240 -
C:\Users\Admin\AppData\Local\Temp\hurok.exe"C:\Users\Admin\AppData\Local\Temp\hurok.exe"2⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:868
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD5b6060225071e7572455783685ae2e620
SHA1bac0b9c411bbe83aeb9e5506eafc4cddc9489f54
SHA2561a75b05ef9ca9ddf9390299caafab11f784628ca1ef297d3158bbd9a3f7e855d
SHA512afbfa7958727b9f9c1974dec90eb940dc1b3e78e3ad77981b1b54b410b9ece78ffab2c9bb927bf9fa66b6b475f1ae3466c9f30901dead27be038b279d6874312