Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-20...er.exe

windows7-x64

9

2024-02-20...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    20/02/2024, 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-20_a4fc07f82e9f198c794681a7e096437c_cryptolocker.exe

  • Size

    31KB

  • MD5

    a4fc07f82e9f198c794681a7e096437c

  • SHA1

    b716fe02fc1fc77fffca0f2ce95a7b3f70eb2faf

  • SHA256

    4c00478e1367e71a820601695114468ed948a864883cdb9de746a0a5f28608f8

  • SHA512

    44f98bba4513160d24e52fe2ec8866f30f28eb369b5193b0e1bebc63c2dee7a6261073cb09205b67701e969c0ef96d85730d17c57fdb3725f1a1fcfef3065351

  • SSDEEP

    384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUr766SJ/Tl+bltoGkg:bA74zYcgT/Ekd0ryfjQRSlwltYg

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-20_a4fc07f82e9f198c794681a7e096437c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-20_a4fc07f82e9f198c794681a7e096437c_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    31KB

    MD5

    bfa6c9cb207497fff508eec2cae3050d

    SHA1

    e04636428ec877bf73c8b9c9011ea5573fc4cf28

    SHA256

    3240210977a839d54d2affdb8317b95d07c64d7276058441cfc282df221042f5

    SHA512

    5785c8498a3b13bd28e6e0ba0a9b089247e5663822f8247f7817751146678c940947f86dba81ca3b59e04403160f6c351c7cfccb24fcf2d99c071ebfc091c417

    Download Submit

  • memory/2556-0-0x00000000003A0000-0x00000000003A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2556-2-0x00000000003B0000-0x00000000003B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2556-1-0x00000000003A0000-0x00000000003A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2964-15-0x00000000002E0000-0x00000000002E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2964-22-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download