Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-23...er.exe

windows7-x64

9

2024-02-23...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 05:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-23_357cd1664c8e798912e837cae83a50d4_cryptolocker.exe

  • Size

    42KB

  • MD5

    357cd1664c8e798912e837cae83a50d4

  • SHA1

    61529526a7ee0f190ff3f18285e6e3178579990c

  • SHA256

    008fb3728c95f6365841dd7a3fe0e61b16fc6d37804ba699d82af1161c1da3b5

  • SHA512

    b96ac1997eb0d59693e859e23af3dbd58b44320b905c30051b11ecca30aa0c771d6b1d91965c948a05b5793d13eabf31037a23b0afe6bea44f7ebb6a53b14765

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4X0WcO+wMVm+slAMRqrwGKT:bc/y2lkF0+Bjrdc

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-23_357cd1664c8e798912e837cae83a50d4_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-23_357cd1664c8e798912e837cae83a50d4_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    42KB

    MD5

    7e76d5f0b3e65e605d610a5eba7ccf3e

    SHA1

    bebec0efa0a79af9475cfee4984896df1f3cb515

    SHA256

    e5dc987ef2166ad60960cf7819068f1467f940a1d8118a7a38afc72cf935f2c3

    SHA512

    e79d432b26c5da3764b87338b76802f5500a2a258ec9f8f53fa0139d6164a7230ccbda78cae3836b22155d01851331c576c5c36dfb968146ca9aa6bf385b2f11

    Download Submit

  • memory/1792-0-0x0000000002350000-0x0000000002356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1792-1-0x0000000002350000-0x0000000002356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1792-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2212-21-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download