Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-02-29...er.exe

windows7-x64

9

2024-02-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 07:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-29_859fdc590b0cd7f2b57562f546840084_cryptolocker.exe

  • Size

    32KB

  • MD5

    859fdc590b0cd7f2b57562f546840084

  • SHA1

    4c45f8c3eb757e058de68b86f023d71fd9532773

  • SHA256

    4ef2ba74836f335e1d413a404cbe13c2af6672c41da10f9c5405f96f15a1f742

  • SHA512

    d2fd537da1debf7d7287445c03d564605f522814491d952d32b4d9d2afd9dfb2bd0c488ebc32e424ef3b7a647073897cd8af90d2d0049fc44046f2e16efc5862

  • SSDEEP

    384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUr766SJ/Tl+bltoGk6WdsZR:bA74zYcgT/Ekd0ryfjQRSlwltYU

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-29_859fdc590b0cd7f2b57562f546840084_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-29_859fdc590b0cd7f2b57562f546840084_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2860

Network

  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     107 B
     1
    1

    DNS Request

    mytarta.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    32KB

    MD5

    9f4dd1af68f195625ad69c4ceffdd19a

    SHA1

    2fb51ebb03488fb591ff374aa6d9968bf9ac36f7

    SHA256

    262c146dd0486b0f2f961ba727016c693a12a8aa0c2ba42e930628be78a11176

    SHA512

    3f8dbd774eadc9181f538ad77b95edcbfb105131c161085e44c96c1c217c3e58123b83b97d98bb847b53d667c065c36f6b1ea259d031d366730b4725bb8ae72b

    Download Submit

  • memory/2860-15-0x0000000001BC0000-0x0000000001BC6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2860-18-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-0-0x00000000002F0000-0x00000000002F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-3-0x00000000002F0000-0x00000000002F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-1-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.