Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-06...er.exe

windows7-x64

6

2024-01-06...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-06_991663f006fd52ff7ed40b190f47f8cf_cryptolocker.exe

  • Size

    32KB

  • MD5

    991663f006fd52ff7ed40b190f47f8cf

  • SHA1

    fb768c7e137ad1e454836a7fe52f2847b9667655

  • SHA256

    87c90d4dc3d0897bb632926b47804e070181a645bea817ed823dba498665fee2

  • SHA512

    d4cc95361de6b5ca067ea963f5bb7fd660f127edd952221e8e890dd72ba2e4fd43b53be3a3daa2500efa02dbd3ddc60e4560576b07d417e701d4d42a68195a63

  • SSDEEP

    384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6AmflxB:b/yC4GyNM01GuQMNXw2PSjHWzB

Score
6/10
discovery

Malware Config

Signatures

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\retln.exe
    "C:\Users\Admin\AppData\Local\Temp\retln.exe"
    1⤵
      PID:2228
    • C:\Users\Admin\AppData\Local\Temp\2024-01-06_991663f006fd52ff7ed40b190f47f8cf_cryptolocker.exe
      "C:\Users\Admin\AppData\Local\Temp\2024-01-06_991663f006fd52ff7ed40b190f47f8cf_cryptolocker.exe"
      1⤵
      • Suspicious use of UnmapMainImage
      PID:944

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/944-1-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download

    • memory/944-8-0x00000000003E0000-0x00000000003E6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/944-0-0x00000000003E0000-0x00000000003E6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2228-23-0x0000000000290000-0x0000000000296000-memory.dmp

      Filesize

      24KB

      Download