Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-01...er.exe

windows7-x64

7

2024-01-01...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 05:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_a8cc6ae17a80640733844d7e99f3905a_cryptolocker.exe

  • Size

    65KB

  • MD5

    a8cc6ae17a80640733844d7e99f3905a

  • SHA1

    14c1c8758873538fd56cd23afdfa09c3f948aa4a

  • SHA256

    5064fc8a5cf7b83b6e0a8cea12a43611d43e718d45449fdadf491a89e57fe6b5

  • SHA512

    ba6a5a6943bc99124040b842d835ffe6dd897dd75cff5bc9caebd7a6bee06695c2885f87c1012aff267a3381387ad88bc7f43d1c9928744a88c1d45ae2495c4b

  • SSDEEP

    1536:Dk/xY0sllyGQMOtEvwDpjwycDtKkQZQRKb61vSbgZ3QzNKwU1:DW60sllyWOtEvwDpjwF85s

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_a8cc6ae17a80640733844d7e99f3905a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_a8cc6ae17a80640733844d7e99f3905a_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    16KB

    MD5

    6204e8535c1391cafa1c624c6bff8060

    SHA1

    86e78dec51ad9d765e9120817fabe01dd8fc04a7

    SHA256

    3c770d4cfda747bba8aec3be4d118fa6048bf8579ea818ce8324974006e5e1f2

    SHA512

    1c5c47225f826ee73b2e1a03c5f871322c0f98a57d63479166b2db73afebe0d224f1d28e67ef7faa5fb0c2200c2b77e8c927ee392c50d9bc1b678d29e4eb56f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    33KB

    MD5

    bf369d3d3c8cc8075750055aa464e1d2

    SHA1

    9db1ccaad5ce434851422933128cf0d196b0fc86

    SHA256

    958af384da6ceafe936b8f8d2c55dec6fc295a63703ba63ab1fee4446ef0178b

    SHA512

    311b043fca7b01fbb51f960dc036034c91b9ef09a36afed809fcf08292334e4bdc1b706a02bad3abee34d641716546bcea3b8ccbb8aa1c49e1c1b5bf030b10e2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    20KB

    MD5

    6de236328476d3c9bf8805bdd195ed5d

    SHA1

    bec1741965261b71f33bcd2c2dbc9fb6425bacc1

    SHA256

    a25b126c41787f2acfe084419d177188e5ab42335047ef0a5539849b7b3da9ad

    SHA512

    98c7a33548f04ba212373e5e7ec05e37d924c705a5e406c29a587973e3a54e528fcb458767568aa2d34f21fb64784ecc50cbc378c2a5224873ce03fa605148ba

    Download Submit

  • memory/1728-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1728-3-0x0000000000460000-0x0000000000466000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1728-15-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1728-2-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1728-1-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2248-24-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2248-25-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download