Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-24...er.exe

windows7-x64

9

2024-02-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-24_f6219a35fd1e7c05ff05e76ce68ad0f2_cryptolocker.exe

  • Size

    37KB

  • MD5

    f6219a35fd1e7c05ff05e76ce68ad0f2

  • SHA1

    464e5cef515be6801e528c80e08367b1afb2e5ef

  • SHA256

    527dc11be760ad05fb051fe70271202f67e9c8632dc402887d706b8e4e03df68

  • SHA512

    f708aef0e27cce137543614d37c152b72c4cd94df94229865f3a839ec4f69f53e1db899d1bfb88d1febd43ee7351ef5b373ee3d327bd33017610a00436af0501

  • SSDEEP

    768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen7JEgx3ZK:bxNrC7kYo1Fxf3s06gfK

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-24_f6219a35fd1e7c05ff05e76ce68ad0f2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-24_f6219a35fd1e7c05ff05e76ce68ad0f2_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\pissa.exe
      "C:\Users\Admin\AppData\Local\Temp\pissa.exe"
      2⤵
      • Executes dropped EXE
      PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pissa.exe
    Filesize

    38KB

    MD5

    7c21e31ac94997d688e515839a5f3982

    SHA1

    0ffaa00f3cd0289e37104181b8c9d3a4cac5eead

    SHA256

    9581a4df54ea56cd2500f3dc26f010078fa2951dfe5ee7c20d1e4194c90edf02

    SHA512

    88a42438afc23f275cefbee3cd63a2c9b43f57573fc38ddd6e6d51faa8285d22564dd3e93604fcea893a3d3048e748e4b62afb0dc9d0145c0dd6fbda28b3d934

    Download Submit

  • memory/1868-0-0x0000000001CC0000-0x0000000001CC6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1868-1-0x0000000001CC0000-0x0000000001CC6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1868-2-0x0000000001CE0000-0x0000000001CE6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3032-16-0x0000000001CA0000-0x0000000001CA6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3032-15-0x0000000001C80000-0x0000000001C86000-memory.dmp

    Filesize

    24KB

    Download