Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-01...er.exe

windows7-x64

9

2024-02-01...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-01_ae2b9ace0ac16f0c19beb779c41c0d54_cryptolocker.exe

  • Size

    39KB

  • MD5

    ae2b9ace0ac16f0c19beb779c41c0d54

  • SHA1

    f4c2fc92b289205e8c56f464e346935ff80f11cd

  • SHA256

    4ed7e001055083f42011d5f4244ebd406af5ee22d7f8837dd4ac4e5e00586bb3

  • SHA512

    a1ceab8f277e2a59e0c9748e5e343941d9f178006a76337f97256a98a2fb2775a65cb10f1cfc21b13511c97eca8b1de2aab219d2327f95cb9dee503c90448720

  • SSDEEP

    384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzoiM8Nekdvjl9V50i3NbZM+ih:bAvJCYOOvbRPDEgXrNekd7l94i3p+F

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-01_ae2b9ace0ac16f0c19beb779c41c0d54_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-01_ae2b9ace0ac16f0c19beb779c41c0d54_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4184
    • C:\Users\Admin\AppData\Local\Temp\demka.exe
      "C:\Users\Admin\AppData\Local\Temp\demka.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\demka.exe
    Filesize

    39KB

    MD5

    ee0c0f1c9fcce70973eb07a7148cf264

    SHA1

    b1e937d1ecafa14e0e29dfcc138efbadfaf7e956

    SHA256

    a54c6efc18fdc46c2574d6819b9081553f14e3629fbf4e6602023037896a4bda

    SHA512

    c71484af7868561d11cb5e2a03d13032ad2be6e602cdd44378a0ac9fb8b40a0a387c3ec7fad73068db51ca2ad0dc655ea9f7a22659187b6a6c47de7447c7f4ed

    Download Submit

  • memory/1424-21-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4184-0-0x0000000002250000-0x0000000002256000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4184-1-0x0000000002250000-0x0000000002256000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4184-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download