Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-01-11...er.exe

windows7-x64

7

2024-01-11...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    82s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_bdcfd746268b9503859e00fbdb54b2cc_cryptolocker.exe

  • Size

    45KB

  • MD5

    bdcfd746268b9503859e00fbdb54b2cc

  • SHA1

    f3ec6b49533168bcff991c6e3ade304475a961dd

  • SHA256

    6337b4fe61fd920a9d02d328039da9d644870713a6e6e28ac353860ef4fbb127

  • SHA512

    0f6d6f24528a05d70117e05c53929c9e80fdd61a297a8c624106de56f4022c1de7545dcab0924e334e4b0fd71c75c6c247fc14ff12e8489f40152c95a5108b64

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLaHaMMm2X30E3J:V6QFElP6n+gMQMOtEvwDpjyaHaX9

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_bdcfd746268b9503859e00fbdb54b2cc_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_bdcfd746268b9503859e00fbdb54b2cc_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    PID:720
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
        PID:4388

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      Filesize

      43KB

      MD5

      9295ab5d6a3d090ce793e7c4fb1a457f

      SHA1

      333d34486e4e277f595678d20f309b7cf1040365

      SHA256

      cc5719f27c2f8890881c9d0d8db0da044cb6c48400290d3bef028c9623af1ea8

      SHA512

      c60a6b9de610394df233e68eaad3fae892a95c9b4c2c869f72db11f84a58032716190235867519c6aa7725fc19d926fd8351415d0590690b595ae6cb38f7eac5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      Filesize

      45KB

      MD5

      a71e6c03cebd95e11a2eb7bb3d8e4347

      SHA1

      e2edc0663af355a4255a312be4710153d13eb60b

      SHA256

      0241d3ffce5ccf6ec53327edd77c91a321b66801882f496cfc548d9c6f7111a5

      SHA512

      b38356e72f185952c81ee09f8870962ec47bbb202461d819de0b42ece441b3ab039c5d43d0c0978e09249411cdfb10ac86b524f967264906991a892c871738c2

      Download Submit

    • memory/720-2-0x00000000004F0000-0x00000000004F6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/720-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/720-0-0x00000000004D0000-0x00000000004D6000-memory.dmp

      Filesize

      24KB

      Download