Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-13...er.exe

windows7-x64

9

2024-02-13...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2024, 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe

  • Size

    94KB

  • MD5

    5b04b3c707c96fd645e2eb294ed88cd1

  • SHA1

    4515c6b9c98999aecba122377b0c151a8a38a025

  • SHA256

    f25f12098ab431c5191bf168daa27265710f8cbcdd807c6f95fed4dd622dbb6a

  • SHA512

    9d889d1d51ff9d43e0c119eb371630b68410ee41c6c7ae8d9d06792a2115bf582ec0e36f380074e7c2f20cd80e6c56cb02f78ec0376eef5f4ec9aaaef3d36bff

  • SSDEEP

    1536:Z6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNC4w2w:Z6a+pOtEvwDpjtzk

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-13_5b04b3c707c96fd645e2eb294ed88cd1_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    94KB

    MD5

    40476bb384f413cc470d2bfea8ab4cc6

    SHA1

    f1adfaa9fd6898332a14aec674a1f76400b5b10d

    SHA256

    df1ef3789d2c945f19b4de605085df4bcbbdcf5c96bb861bfcb04ffa833c3657

    SHA512

    04e2fc24da7883a9ae51cadbd88036c6ff459b5c602992e8be32c81a3aa31e847d5fd86747a5053c9725b5987f9b9010d563031e295cd44db2edbcfecd414ff7

    Download Submit

  • memory/2140-0-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2140-1-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2140-7-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2912-15-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2912-22-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download