Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/02/2024, 09:40 UTC

General

  • Target

    2024-02-04_759645d1007b984550d2201798630366_cryptolocker.exe

  • Size

    52KB

  • MD5

    759645d1007b984550d2201798630366

  • SHA1

    562ebb50073af49ea6b2a71a1f04a3a2f493a0fe

  • SHA256

    8a62d1524639d6a9ceef2a3b169e1cfd988ff11b93900c563fdc9bbeef91f4e0

  • SHA512

    8c8cf59df073abd7ca460f888e0d5d8d7542541be513f1146ebb13fc876d09ca5b9f035a3296af73b57db113b97882c72ccb2777940ebf7d605ad1f5794c302c

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9XbTbmhTB/:bIDOw9a0DwitDZzcTQ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants (1 IoC)
  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-04_759645d1007b984550d2201798630366_cryptolocker.exe (PID 880, tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-02-04_759645d1007b984550d2201798630366_cryptolocker.exe"
    Signatures: Checks computer location settings; Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe (PID 3548, tree depth 2, child of PID 880)
      Command line: "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      Signatures: Executes dropped EXE
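
The process tree above is the classic drop-and-execute shape: a binary running from the user's Temp directory writes a second binary (lossy.exe) into the same directory and launches it. The following detection, added here as an example and not part of the tria.ge report, flags that shape in process-creation telemetry. The event records are constructed to mirror the report's tree (PIDs 880 and 3548 and their paths come from the page; the explorer.exe root and the benign control process are assumptions), and the field names are the example's own, not a sandbox export format.

```python
"""Flag child processes launched from a per-user Temp directory by a parent
that also runs from Temp (drop-and-execute), as in the process tree above.

Event records are constructed for this example; field names are assumptions,
not tria.ge's export format.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Any path under <drive>:\Users\<user>\AppData\Local\Temp\ (case-insensitive)
USER_TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def in_user_temp(path: str) -> bool:
    """True when the image path sits under a per-user Temp directory."""
    return bool(USER_TEMP_RE.match(path))


def detect_temp_drop_and_execute(events: Iterable[ProcEvent]) -> List[Dict[str, object]]:
    """Return one finding per child whose image AND whose parent's image live
    under a user Temp directory. Severity is raised when the child has a
    different file name from the parent (a freshly dropped binary rather than
    a self-relaunch of the same file)."""
    by_pid = {e.pid: e for e in events}
    findings: List[Dict[str, object]] = []
    for ev in by_pid.values():
        parent = by_pid.get(ev.ppid)
        if parent is None or not in_user_temp(ev.image) or not in_user_temp(parent.image):
            continue
        dropped_new_name = ntpath.basename(ev.image).lower() != ntpath.basename(parent.image).lower()
        findings.append({
            "pid": ev.pid,
            "ppid": ev.ppid,
            "child": ntpath.basename(ev.image),
            "parent": ntpath.basename(parent.image),
            "severity": "high" if dropped_new_name else "medium",
        })
    return findings


# Constructed events mirroring the report's process tree. PIDs 880/3548 and
# their paths are from the page; explorer.exe (PID 4000) and the benign
# setup_tool.exe control are assumptions added for the example.
SAMPLE_EVENTS = [
    ProcEvent(4000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(880, 4000,
              r"C:\Users\Admin\AppData\Local\Temp\2024-02-04_759645d1007b984550d2201798630366_cryptolocker.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\2024-02-04_759645d1007b984550d2201798630366_cryptolocker.exe"'),
    ProcEvent(3548, 880, r"C:\Users\Admin\AppData\Local\Temp\lossy.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\lossy.exe"'),
    # Benign control: Temp-resident installer started by explorer, not by another Temp binary
    ProcEvent(5120, 4000, r"C:\Users\Admin\AppData\Local\Temp\setup_tool.exe", "setup_tool.exe"),
]

if __name__ == "__main__":
    for finding in detect_temp_drop_and_execute(SAMPLE_EVENTS):
        print(finding)
```

The rule deliberately requires both parent and child to live in Temp: a single Temp-resident process (an installer started from the browser's download handler, for example) is common and noisy, while a Temp binary spawning a differently named Temp binary is the specific behaviour the "Executes dropped EXE" signature describes.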

Network

All recorded traffic is DNS to the sandbox resolver 8.8.8.8:53; the report lists no HTTP, TCP or other flows.

  • DNS queries, aggregated by name (the report shows each query as a separate event)

    qname                          type  source process  queries  answer
    2ndry.com                      A     lossy.exe       36       none recorded
    241.150.49.20.in-addr.arpa     PTR   (none)          1        none recorded
    194.178.17.96.in-addr.arpa     PTR   (none)          1        a96-17-178-194.deploy.static.akamaitechnologies.com
    95.221.229.192.in-addr.arpa    PTR   (none)          1        none recorded
    58.55.71.13.in-addr.arpa       PTR   (none)          1        none recorded
    183.59.114.20.in-addr.arpa     PTR   (none)          1        none recorded
    56.126.166.20.in-addr.arpa     PTR   (none)          1        none recorded
    217.135.221.88.in-addr.arpa    PTR   (none)          1        a88-221-135-217.deploy.static.akamaitechnologies.com
    180.178.17.96.in-addr.arpa     PTR   (none)          1        a96-17-178-180.deploy.static.akamaitechnologies.com
    2.173.189.20.in-addr.arpa      PTR   (none)          2        none recorded

  • Flows to 8.8.8.8:53 (udp/dns; bytes sent / bytes received, packets sent / packets received)

    2ndry.com (lossy.exe): 29 flows in total; 22 carry one query (55 B / 128 B, 1 / 1) and 7 carry two queries (110 B / 256 B, 2 / 2), for 36 queries
    241.150.49.20.in-addr.arpa:   72 B / 158 B, 1 / 1
    194.178.17.96.in-addr.arpa:   72 B / 137 B, 1 / 1
    95.221.229.192.in-addr.arpa:  73 B / 144 B, 1 / 1
    58.55.71.13.in-addr.arpa:     70 B / 144 B, 1 / 1
    183.59.114.20.in-addr.arpa:   72 B / 158 B, 1 / 1
    56.126.166.20.in-addr.arpa:   72 B / 158 B, 1 / 1
    217.135.221.88.in-addr.arpa:  73 B / 139 B, 1 / 1
    180.178.17.96.in-addr.arpa:   72 B / 137 B, 1 / 1
    2.173.189.20.in-addr.arpa:    142 B / 314 B, 2 / 2

  • Reading the traffic

    The 2ndry.com A lookups are the only queries attributed to a sample process. Every one of the 36 received a response (128 B per query) but no answer record is recorded, which is what a negative reply looks like in this view: lossy.exe never obtained an address for the domain, and no follow-on connection appears in the report. The domain is therefore the network indicator to hunt for, even though this run produced no second-stage traffic.

    The reverse (PTR) lookups carry no process attribution, and the three that were answered resolve to Akamai CDN hosts. They are consistent with background resolution by the sandbox OS rather than with sample behaviour, and should not be treated as indicators.
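
The pattern above, one process repeating the same A query dozens of times without ever receiving an answer record while unattributed PTR lookups run alongside it, is straightforward to pick out of DNS telemetry once the events are aggregated. The detection below is an added example and not tria.ge's code. Its log excerpt is constructed for the example: the names, resolver and counts follow the report (36 unanswered 2ndry.com queries from lossy.exe, the PTR lookups with no process), the key=value line format and the svchost.exe/example.com control line are assumptions.

```python
"""Aggregate DNS query events by (process, name, type) and flag processes that
repeatedly query one name without ever receiving an answer, while setting
aside PTR and unattributed lookups as probable OS background traffic.

Log format (key=value per line) is constructed for this example, not a
tria.ge export format.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed log excerpt mirroring the report's Network section.
# '-' as proc means the sandbox recorded no owning process for the query.
SAMPLE_LOG = (
    "ts=0 proc=- resolver=8.8.8.8:53 qname=241.150.49.20.in-addr.arpa qtype=PTR answers=0\n"
    "ts=1 proc=- resolver=8.8.8.8:53 qname=194.178.17.96.in-addr.arpa qtype=PTR answers=1\n"
    + "".join(
        f"ts={10 + i} proc=lossy.exe resolver=8.8.8.8:53 qname=2ndry.com qtype=A answers=0\n"
        for i in range(36)
    )
    + "ts=50 proc=- resolver=8.8.8.8:53 qname=2.173.189.20.in-addr.arpa qtype=PTR answers=0\n"
    "ts=51 proc=- resolver=8.8.8.8:53 qname=2.173.189.20.in-addr.arpa qtype=PTR answers=0\n"
    # Benign control (assumed): a process that resolves a name once and gets an answer
    "ts=60 proc=svchost.exe resolver=8.8.8.8:53 qname=example.com qtype=A answers=1\n"
)

REQUIRED_FIELDS = {"proc", "qname", "qtype", "answers"}


def parse_line(line: str) -> Dict[str, str]:
    """Split one 'k=v k=v ...' record into a dict; tokens without '=' are ignored."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields


def summarize(log: str) -> Dict[Tuple[str, str, str], Dict[str, int]]:
    """Count queries and answered queries per (process, qname, qtype)."""
    agg: Dict[Tuple[str, str, str], Dict[str, int]] = defaultdict(
        lambda: {"queries": 0, "answered": 0}
    )
    for raw in log.splitlines():
        rec = parse_line(raw)
        if not REQUIRED_FIELDS <= rec.keys():
            continue  # malformed or truncated line
        key = (rec["proc"], rec["qname"].lower().rstrip("."), rec["qtype"].upper())
        agg[key]["queries"] += 1
        if int(rec["answers"]) > 0:
            agg[key]["answered"] += 1
    return dict(agg)


def find_unanswered_repeats(log: str, min_queries: int = 5) -> List[Dict[str, object]]:
    """Flag (process, name) pairs with >= min_queries forward queries and zero
    answers. PTR lookups and queries with no owning process are reported as
    'background' so the analyst sees them without treating them as indicators."""
    findings: List[Dict[str, object]] = []
    for (proc, qname, qtype), counts in summarize(log).items():
        base = {"proc": proc, "qname": qname, "qtype": qtype, "queries": counts["queries"]}
        if qtype == "PTR" or proc == "-":
            findings.append({"kind": "background", **base})
        elif counts["queries"] >= min_queries and counts["answered"] == 0:
            findings.append({"kind": "unanswered-repeat", **base})
    return findings


def suspicious_only(log: str, min_queries: int = 5) -> List[Dict[str, object]]:
    """Just the indicators worth hunting on: repeated forward lookups that never resolved."""
    return [f for f in find_unanswered_repeats(log, min_queries) if f["kind"] == "unanswered-repeat"]


if __name__ == "__main__":
    for finding in find_unanswered_repeats(SAMPLE_LOG):
        print(finding)
```

The threshold of five unanswered queries is a starting point, not a tuned value: a legitimate client retrying a dead name a few times is normal, but a process that keeps asking for the same unresolvable name for the whole run, as lossy.exe does here, is either a sinkholed or not-yet-registered C2 domain or a domain-generation scheme, and either way the name itself is the indicator.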

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe (dropped by PID 880, executed as PID 3548)

    Filesize: 52KB
    MD5:      ac7f02f7af6226a6b307c73282148f48
    SHA1:     2ee0aa08a969722cde190ec8509a3167759e03a2
    SHA256:   0e792568ad13ae4228f00a9aa98e9b8c24d20fe51b459d47f4daf6f108a68488
    SHA512:   cbb6f171710ae0acdf7181fbcf9bc8dac012f91507c5382342cc2fa0460b745400305cdc0ddabef86126961c10ba627ed9e49d78e421ab1cc503c255d7901043

    The dropped file has the same reported size (52KB) as the submitted sample but none of its hashes match, so it is not a byte-identical copy; hunt on both hash sets.

  • Memory dumps (24KB each)

    memory/880-0-0x0000000002200000-0x0000000002206000-memory.dmp
    memory/880-1-0x0000000002200000-0x0000000002206000-memory.dmp
    memory/880-2-0x0000000002230000-0x0000000002236000-memory.dmp
    memory/3548-17-0x0000000002080000-0x0000000002086000-memory.dmp
    memory/3548-18-0x00000000006C0000-0x00000000006C6000-memory.dmp
