Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-03...er.exe

windows7-x64

9

2024-02-03...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 07:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-03_894c20d5ac0dbd5415856315f153245d_cryptolocker.exe

  • Size

    119KB

  • MD5

    894c20d5ac0dbd5415856315f153245d

  • SHA1

    a8802f9fb0cc782bccdeae235fff0468c80ae415

  • SHA256

    a2ac38cbf80ff908a07342ceeb7361ee80242451367d75689ec1a98facdb9da7

  • SHA512

    7afbec3633400bec690bb9df56b076eaad3596d7d7b7e5003698c9c322853d3bc0024169d48f5713a4a4e480684987390c397ac6c3ff77e9de1e261cb2077b3f

  • SSDEEP

    768:gUQz7yVEhs9+4T/1bytOOtEvwDpjNbZ7uyA36S7MpxRIIXVe3mU9TYwlOBT+:gUj+AIMOtEvwDpjNbwQEIPlemUhYO

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-03_894c20d5ac0dbd5415856315f153245d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-03_894c20d5ac0dbd5415856315f153245d_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    119KB

    MD5

    92902173161bb26a34bb81b7ad147d99

    SHA1

    f82e259d6347ed85bc03fda6fc84da720a5f8247

    SHA256

    51bbbb0fcfe940cbea1044256d331a0e360cc544133db09a9f128d8b2cc3dddc

    SHA512

    d38aa038b7e35567c06d672ab734edc544e237b364c77ff1b04f1e1a9ab059c02e204d6f71009e97df1332e4af75b3dd95bef1763e27d7851a0b1b50b7ed6da2

    Download Submit

  • memory/3276-17-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3276-20-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-0-0x0000000000520000-0x0000000000526000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-1-0x0000000000520000-0x0000000000526000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-2-0x0000000000550000-0x0000000000556000-memory.dmp

    Filesize

    24KB

    Download