Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3f3dcbde8e...JC.exe

windows7-x64

7

3f3dcbde8e...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2023, 18:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f3dcbde8eeb6805bccee696b6aea921_cryptolocker_JC.exe

  • Size

    85KB

  • MD5

    3f3dcbde8eeb6805bccee696b6aea921

  • SHA1

    896b6c9e921abd8f016a1ed7152112e3375b98a6

  • SHA256

    08c862b121d572f06cb68fe6fc483961818390a86fe300eb04695d32d9bf51c7

  • SHA512

    742d058355c642f1d096c3bbc12ed3fbd2469ac0395a3177805d884715b0d65067b9f6a48b038bc37d25e9d79e7112d7f571097e65ef14fb682a0a1c77dd790a

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbNcqamvWI:V6a+pOtEvwDpjtt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f3dcbde8eeb6805bccee696b6aea921_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\3f3dcbde8eeb6805bccee696b6aea921_cryptolocker_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2576

Network

  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
    Response
    emrlogistics.com
    IN CNAME
    traff-3.hugedomains.com
    traff-3.hugedomains.com
    IN CNAME
    hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
    hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
    IN A
    3.19.116.195
    hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
    IN A
    3.18.7.81
  • 3.19.116.195:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.18.7.81:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.19.116.195:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.18.7.81:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.19.116.195:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.18.7.81:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.19.116.195:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    62 B
     192 B
     1
    1

    DNS Request

    emrlogistics.com

    DNS Response

    3.19.116.195
    3.18.7.81

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    85KB

    MD5

    483d62c72942d77c57a3a9f8f6dab5da

    SHA1

    ff87b0f3376fb2238558f19f6cf4a2afe9bd762c

    SHA256

    c62d6d236f2c215180e51e6aef4713b4dff12c50f0dd4e0d519c93d78f1a277d

    SHA512

    cce4006040ebec72e0b3ded2417ba02f21e8823818b80ee1e67e259e5876cf87204974b4d6607b003f6ff526ca685df3b90f26f1cd334f6ea925d24fe4646b1a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    85KB

    MD5

    483d62c72942d77c57a3a9f8f6dab5da

    SHA1

    ff87b0f3376fb2238558f19f6cf4a2afe9bd762c

    SHA256

    c62d6d236f2c215180e51e6aef4713b4dff12c50f0dd4e0d519c93d78f1a277d

    SHA512

    cce4006040ebec72e0b3ded2417ba02f21e8823818b80ee1e67e259e5876cf87204974b4d6607b003f6ff526ca685df3b90f26f1cd334f6ea925d24fe4646b1a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    85KB

    MD5

    483d62c72942d77c57a3a9f8f6dab5da

    SHA1

    ff87b0f3376fb2238558f19f6cf4a2afe9bd762c

    SHA256

    c62d6d236f2c215180e51e6aef4713b4dff12c50f0dd4e0d519c93d78f1a277d

    SHA512

    cce4006040ebec72e0b3ded2417ba02f21e8823818b80ee1e67e259e5876cf87204974b4d6607b003f6ff526ca685df3b90f26f1cd334f6ea925d24fe4646b1a

    Download Submit

  • memory/1716-54-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1716-56-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1716-55-0x00000000004B0000-0x00000000004B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2576-70-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2576-69-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.