Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

2024-01-03...er.exe

windows7-x64

7

2024-01-03...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe

  • Size

    74KB

  • MD5

    110e726ba3d8c204545f32831e719c24

  • SHA1

    a5f73b66b4fee7da435d3a40c1b7805a21664aeb

  • SHA256

    bf0e262933e7c8c3b504d6f1edd268ead9a6e9f334cc5521de1c91739f926b6d

  • SHA512

    e800761b36077be0c8ba446d9ed5b0376f14da136d12803d5f485d57359ae08d83033ee56b0a6f99b907f6f6aada7eaebd9af12b7fba29b70e1e53e5e2352091

  • SSDEEP

    1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOAkXtBdh:T6a+rdOOtEvwDpjNtH

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-03_110e726ba3d8c204545f32831e719c24_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    74KB

    MD5

    13310f03fb5779596b5802b4d1af58d1

    SHA1

    ce0a9068632d6db037a1e1cd207d748df65a69de

    SHA256

    3c18ecd66bd5a6c29fb2d831b150c46e6d2a90a89df9987f083af2a1d2dda01f

    SHA512

    09da8f9d7aa42dd0a410e725ad3ee20aa0003c56f9781a30f82242b653fd7af58f73d4c0573c0386498113815a5ba80f2e27ac2f419138a67863bbd19b70d66d

    Download Submit

  • memory/1756-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1756-1-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1756-2-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1756-3-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1756-16-0x0000000001EB0000-0x0000000001EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1756-15-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-18-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-19-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2704-26-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2704-27-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download