Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    0s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/01/2024, 05:45

General

  • Target

    2024-01-01_80193361f8eb17ca96007aa778d470a7_cryptolocker.exe

  • Size

    41KB

  • MD5

    80193361f8eb17ca96007aa778d470a7

  • SHA1

    478ee6a11df47b037b63f72aae8bc4339cad977a

  • SHA256

    9703b362caf1b570eda5d86f79359935d4a4d5e1eaf378d23fc6fe2e346f51ad

  • SHA512

    f497969f9160d8c0d899b054f94b390d981f0b218e2c1676fa59ab50f8b92ed167dbab7928690ed2c9c82bb2eb566db0b78e7d07a677b0f83fc21c857b3c0ca9

  • SSDEEP

    384:e/4wODQkzonAYsju5N/surDQtOOtEvwDpjqIGROqS/WccJVJwi2B5cG:79inqyNR/QtOOtEvwDpjBKccJVODvcG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    • Executes dropped EXE
    PID:3008
  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_80193361f8eb17ca96007aa778d470a7_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_80193361f8eb17ca96007aa778d470a7_cryptolocker.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    784B

    MD5

    79775e9c3785449a5363f0fb66bf4213

    SHA1

    bef2490a350e9919a17c76ca629afdea7af33144

    SHA256

    e543df0c1807d3075054fb2faafb0fa14cdfb63b7a741a167452d5e125db84a2

    SHA512

    326ee9750bff0b56412296688ce2eeeadb8bd528761083f46633efa66594b1ff8150ad4f4a9e573780dcd6935fd4c8251a8e15b1e3d310bb9a987d62cce7e26d

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    1KB

    MD5

    af9ae036474a0348b5b8a8f38f23d8dc

    SHA1

    710aae8f388f03c7d91f99920d4256c052587a76

    SHA256

    5a6bd0d7cbda04e83a310e2396aa41053284c681e2f48fb666f8794e4a1a06fc

    SHA512

    96eda28e573c0dbec9f96cbd0e7b08b479bbad3d82c8783bc920746a80a3a29e8baf50aa90cff9cabae49cb340c61eaa140edef7cdba21b135ade51f932aa64b

  • memory/2976-2-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

  • memory/2976-4-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2976-1-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2976-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/3008-17-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

  • memory/3008-16-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB