Analysis

  • max time kernel
    130s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/10/2023, 10:20 UTC

General

  • Target

    NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe

  • Size

    44KB

  • MD5

    7c51b774b72c23e11fb2489aa6eb4a5c

  • SHA1

    f5dda175bb66d61f0e6bdeb686be153911f1dfbc

  • SHA256

    5cca4b73cf871a778d5ccfc50fa2f812e2ab966fba772bc87dea689ffb6283d1

  • SHA512

    d7b0e20a82b5f39a40009c1341cc05be4948d4df40d8a35df6213bd16584f0ffb02423c976834d2c5749c61bd7363e0839619b9d8e74c61e6c7554ba6899511e

  • SSDEEP

    768:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4/Uth8igNrr46xdUUMV:vj+jsMQMOtEvwDpj5Hczer5iNV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-07_7c51b774b72c23e11fb2489aa6eb4a5c_cryptolocker_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2672

Network

  • DNS bestccc.com (misid.exe)
    Remote address: 8.8.8.8:53
    Request: bestccc.com IN A
    Response: bestccc.com IN A 103.14.121.240
  • 103.14.121.240:443  bestccc.com  tls  misid.exe  392 B  219 B  5  5
  • 103.14.121.240:443  bestccc.com  tls  misid.exe  354 B  219 B  5  5
  • 103.14.121.240:443  bestccc.com  misid.exe  152 B  3
  • 103.14.121.240:443  bestccc.com  misid.exe  152 B  3
  • 103.14.121.240:443  bestccc.com  tls  misid.exe  288 B  219 B  5  5
  • 103.14.121.240:443  bestccc.com  misid.exe  190 B  132 B  4  3
  • 103.14.121.240:443  bestccc.com  tls  misid.exe  392 B  219 B  5  5
  • 103.14.121.240:443  bestccc.com  tls  misid.exe  354 B  219 B  5  5
  • 103.14.121.240:443  bestccc.com  misid.exe  152 B  3
  • 103.14.121.240:443  bestccc.com  misid.exe  152 B  3
  • 103.14.121.240:443  bestccc.com  tls  misid.exe  288 B  219 B  5  5
  • 103.14.121.240:443  bestccc.com  misid.exe  152 B  3
  • 103.14.121.240:443  bestccc.com  misid.exe  190 B  132 B  4  3
  • 103.14.121.240:443  bestccc.com  misid.exe  152 B  3
  • 103.14.121.240:443  bestccc.com  misid.exe  152 B  3
  • 8.8.8.8:53  bestccc.com  dns  misid.exe  57 B  73 B  1  1
    DNS Request: bestccc.com
    DNS Response: 103.14.121.240

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    44KB

    MD5

    4614fb7c4c12041673f1e74df4350eb5

    SHA1

    bcdcb4dacb7ffac6bc334628ae056e27b210161b

    SHA256

    2372baf8a63546189cc806b71ded54c408d0ecfd8c0687306a629be9fbd645b5

    SHA512

    a6679f3afaed2abbe1f107a36ab1683e9492af41ac1cf0ea365437fa9e55403534ce37606f87157fa6f79404788a5c01a79573ca2d9cceffd483d0cb7383c53b

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    44KB

    MD5

    4614fb7c4c12041673f1e74df4350eb5

    SHA1

    bcdcb4dacb7ffac6bc334628ae056e27b210161b

    SHA256

    2372baf8a63546189cc806b71ded54c408d0ecfd8c0687306a629be9fbd645b5

    SHA512

    a6679f3afaed2abbe1f107a36ab1683e9492af41ac1cf0ea365437fa9e55403534ce37606f87157fa6f79404788a5c01a79573ca2d9cceffd483d0cb7383c53b

  • memory/2144-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2144-1-0x0000000000370000-0x0000000000376000-memory.dmp

    Filesize

    24KB

  • memory/2144-7-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2672-16-0x0000000000600000-0x0000000000606000-memory.dmp

    Filesize

    24KB

  • memory/2672-15-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB
