Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NEAS.2023-...JC.exe

windows7-x64

7

NEAS.2023-...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    22/10/2023, 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.2023-09-06_e4492675da60f70488d6d000bf349af7_cryptolocker_JC.exe

  • Size

    29KB

  • MD5

    e4492675da60f70488d6d000bf349af7

  • SHA1

    266a34016ed39bb24a67bbe720e585589ee3a843

  • SHA256

    0006dd7155118f6af481cbb9ba89f84b91b2197f8780611a8a2f4ed0e5a0c600

  • SHA512

    6a8b129fc5ad5927f5fd7f8391f1db214329617313edc79437fd10271661cf20ade198c47d91ecf1bd34b2c5b9b8f6519ab3ba5f2e88721362c93a862dc1f3f4

  • SSDEEP

    384:v0VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26Rsn1rCcOQtOOtEvwDpjqIGRS/Vb9hk:vQz7yVEhs9+js1SQtOOtEvwDpjz9+4zI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-06_e4492675da60f70488d6d000bf349af7_cryptolocker_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-06_e4492675da60f70488d6d000bf349af7_cryptolocker_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    29KB

    MD5

    242a9f1175fffbf83a98fed9cd5504ff

    SHA1

    18c6504a360981412f8f85c9f40c86aa262d0177

    SHA256

    543e0172a1fa5a90729fb328fa3aef26b47715bd1460f34c4531d53b7a80dcd7

    SHA512

    ecf200785eebcf3a0f2a4addeca523829976d4ada863e6cb80eaee15dfb3657d7a1e97b4249590a8509f1824b9736cf5b0531184f2139868eac86a85591de8af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    29KB

    MD5

    242a9f1175fffbf83a98fed9cd5504ff

    SHA1

    18c6504a360981412f8f85c9f40c86aa262d0177

    SHA256

    543e0172a1fa5a90729fb328fa3aef26b47715bd1460f34c4531d53b7a80dcd7

    SHA512

    ecf200785eebcf3a0f2a4addeca523829976d4ada863e6cb80eaee15dfb3657d7a1e97b4249590a8509f1824b9736cf5b0531184f2139868eac86a85591de8af

    Download Submit

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    29KB

    MD5

    242a9f1175fffbf83a98fed9cd5504ff

    SHA1

    18c6504a360981412f8f85c9f40c86aa262d0177

    SHA256

    543e0172a1fa5a90729fb328fa3aef26b47715bd1460f34c4531d53b7a80dcd7

    SHA512

    ecf200785eebcf3a0f2a4addeca523829976d4ada863e6cb80eaee15dfb3657d7a1e97b4249590a8509f1824b9736cf5b0531184f2139868eac86a85591de8af

    Download Submit

  • memory/2220-0-0x0000000000420000-0x0000000000426000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2220-1-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2220-8-0x0000000000420000-0x0000000000426000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2432-15-0x0000000000200000-0x0000000000206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2432-16-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download