Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-01...er.exe

windows7-x64

7

2024-01-01...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_f2251bae659c8bac534ce49ec4b33055_cryptolocker.exe

  • Size

    71KB

  • MD5

    f2251bae659c8bac534ce49ec4b33055

  • SHA1

    38f4dc5a88d2d27a85e7261d9df6d600e6e11ad2

  • SHA256

    a0d59aad6c681d036f48bd28866adbfae5e05890a750187a4c8040cb25f73fe0

  • SHA512

    cd0b227e9cd08a8dfb64453eec6d863ed94b4f9e30973d54476adb2067dffc5f925ab785ba3b4111d6e022fca1b11f433ee0ba001d9ac98afe23089bfe328bb5

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1h:X6a+SOtEvwDpjBZYvQd2h

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_f2251bae659c8bac534ce49ec4b33055_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_f2251bae659c8bac534ce49ec4b33055_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    71KB

    MD5

    3a81720924e5ca42dc03ac539e746be1

    SHA1

    62d946a4d4c37e3df9ec543a6e23410b57935600

    SHA256

    c754d58de6a35ba34a3304b850ce0b4848c1ae267020c714c96a6583a9b03e20

    SHA512

    2e6f91cecfe523ad5fd57c54d2344232ac0e3277fa05359ecac9e639c5257009d7aadaf425610391fe87e855832724fd5a254bb69e07b7de12c5f69eabdb126b

    Download Submit

  • memory/2952-1-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2952-2-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2952-0-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4568-17-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4568-23-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download