Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-04...er.exe

windows7-x64

9

2024-02-04...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 06:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-04_9352f1a25b7eb11b56edd67379a438fd_cryptolocker.exe

  • Size

    43KB

  • MD5

    9352f1a25b7eb11b56edd67379a438fd

  • SHA1

    e70ded9db8057f2e9127574429b012263a7bd6f9

  • SHA256

    590f7c2a93ce8628abf9013dbf48324da51370626480dfc2f4dcc67e7055365d

  • SHA512

    b5ac210c8557868b59bcec36cf13aa889fa350f69c1ee69225f6497e50ecc3d963b985fd8a3d8963c73ac116876f591c2d73a5ef93e775ea27f55765def4a609

  • SSDEEP

    384:e/4wODQkzonAYsju5N/surDQtOOtEvwDpjqIGROqS/WccJVJwi2B5oCCM8CLV:79inqyNR/QtOOtEvwDpjBKccJVODvy34

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-04_9352f1a25b7eb11b56edd67379a438fd_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-04_9352f1a25b7eb11b56edd67379a438fd_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    43KB

    MD5

    51ff7eb44ee5844590ad03b7beb25fa6

    SHA1

    f5fd5dd723fe766317c242d70d1589a679dba7af

    SHA256

    3b131611959a69d420a79744decb0a4638cd41689905ae8f9d00e2d5c5387d90

    SHA512

    82c925f05993081c7a77c0ffc3cedd902bcb9ce03a771a8997b16f504fa450134418167946273ef4e4a5c6f33b611b593f6d4f754c415f91a0d6d8849d57a9a6

    Download Submit

  • memory/2108-19-0x0000000000510000-0x0000000000516000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2108-23-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2204-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2204-1-0x0000000002190000-0x0000000002196000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2204-2-0x0000000002190000-0x0000000002196000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2204-3-0x00000000021B0000-0x00000000021B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2204-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download