Analysis

  • max time kernel
    0s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/02/2024, 09:03

General

  • Target

    2024-02-01_1090360d26072732ac893b6045f3a6e9_cryptolocker.exe

  • Size

    126KB

  • MD5

    1090360d26072732ac893b6045f3a6e9

  • SHA1

    464022f6d1bbac8637a97efe5e76f4da9177afd5

  • SHA256

    2a57393ee6c8be2e6f077f9fcadd9386024fa6371b42e715f459a76dbdc1f49d

  • SHA512

    ec5ec095473772f4bb5f013c94eb31777fd908a73c7683d91a769356287d9a9c37b9902e3745d17cfe701c027594153c86e7fa4067ccf1c66d796c5e15281a9d

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfIuBKLUYOVbvh//K:vCjsIOtEvwDpj5H9YvQd2RQ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-01_1090360d26072732ac893b6045f3a6e9_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-01_1090360d26072732ac893b6045f3a6e9_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2020

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    9KB

    MD5

    2f48a912ba52708d11062901eb4c69d0

    SHA1

    b76949fcd8e9ad26116ae6cef02bc6a0beb18917

    SHA256

    aa4a538298bdab3ae2786429cf8d0fdc462bc80a4fd1fc124faaa982c344b2e6

    SHA512

    c995f8d89c50275b12249762d7327f778aeeca7789a002902ed814973915a0200f4363b92ac184c0ee4f23df41792b0035b4425ce6bb759572e1d7c955bd4ebb

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    59KB

    MD5

    9cd964c28ff85e4a892cd7f05d20f981

    SHA1

    2afbc655be67ca97d8cd18b3b1f443d4d8b84124

    SHA256

    33efa8c814a94ef97322f6c49e75ba61c05f8458e6cef1f5af9834a0edf398b0

    SHA512

    62a2fdc59d9eb364597a7f044851362ef2785139578d6305a0866dba6310f208f28f01449870fb1285b0f9a9156d241519a0c891fbceaa9829f66d14e3b01c90

  • C:\Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    57KB

    MD5

    adda64a6e60673a2d42acd2974669539

    SHA1

    9e612b39bec68e803fc520828b107ddf39060317

    SHA256

    3f5ee6383a6d5845776064e2b52f895af21c87e0cfbb3472012ca2abd41310b2

    SHA512

    2669a3f9c48e8c933bdb2ef3e31981f4cb56bdb18c1f3f89aad9e93f117c6d8c515020eb14cc9be8a2d82ef9f476667e25edad0edb6efcb63488407302f5bce2

  • memory/1340-2-0x00000000021A0000-0x00000000021A6000-memory.dmp

    Filesize

    24KB

  • memory/1340-1-0x0000000002280000-0x0000000002286000-memory.dmp

    Filesize

    24KB

  • memory/1340-0-0x0000000002280000-0x0000000002286000-memory.dmp

    Filesize

    24KB

  • memory/2020-17-0x00000000020F0000-0x00000000020F6000-memory.dmp

    Filesize

    24KB

  • memory/2020-23-0x00000000020D0000-0x00000000020D6000-memory.dmp

    Filesize

    24KB