Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/03/2024, 02:49 UTC

General

  • Target

    2024-03-07_eaceb5bef6cecff87a70e85b1a7638c5_cryptolocker.exe

  • Size

    98KB

  • MD5

    eaceb5bef6cecff87a70e85b1a7638c5

  • SHA1

    734083309189593c2c0dd7558ba51e439dd4e629

  • SHA256

    41893b65f163fab875ef807fcab91bd6ec2d326814e0eeb46d437972d9cb2f0c

  • SHA512

    159eed481decda5081ef714ec8ca95aa3185284dfc3eff7e27750098d38ec004a7c1e67c000ecbcd012f612175429704f4a0cf95b3aaa8a8212e3846becb2c0c

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNgpQbCJjuz:V6a+pOtEvwDpjtzV

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants (1 IoC)
  • Detection of Cryptolocker Samples (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • [1] C:\Users\Admin\AppData\Local\Temp\2024-03-07_eaceb5bef6cecff87a70e85b1a7638c5_cryptolocker.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-03-07_eaceb5bef6cecff87a70e85b1a7638c5_cryptolocker.exe"
    PID: 640
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • [2] C:\Users\Admin\AppData\Local\Temp\asih.exe (child of PID 640)
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      PID: 2448
      • Executes dropped EXE
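The "Executes dropped EXE" signature above fires on exactly the pattern in this process tree: the sample (PID 640) writes asih.exe into %TEMP% and then launches it (PID 2448). The following is an added example of that detection logic, written for this page and not Triage's own signature code. It runs over a constructed Sysmon-style event stream (EventID 11 = FileCreate, EventID 1 = ProcessCreate) whose PIDs and paths mirror the tree above; the event field names and the parent PID 300 are assumptions.

```python
"""Flag a ProcessCreate whose image was written earlier in the trace.

Added example modelled on the Triage signature "Executes dropped EXE";
not code from the report or from Triage.  Events are constructed inline
so the detector runs offline.
"""
from typing import Dict, List

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\2024-03-07_eaceb5bef6cecff87a70e85b1a7638c5_cryptolocker.exe")
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\asih.exe"

# Constructed Sysmon-like events (assumed field names).  PID 300 stands in
# for whatever launched the sample; it does not appear in the report.
EVENTS: List[Dict] = [
    {"EventID": 1, "ProcessId": 640, "ParentProcessId": 300, "Image": SAMPLE},
    # The sample writes asih.exe into %TEMP% ...
    {"EventID": 11, "ProcessId": 640, "TargetFilename": DROPPED},
    # ... and then executes it (note the different path casing: Windows
    # paths are case-insensitive, so the detector must normalise).
    {"EventID": 1, "ProcessId": 2448, "ParentProcessId": 640,
     "Image": DROPPED.replace("asih.exe", "ASIH.EXE")},
    # Benign control: a process started from System32 that nothing wrote.
    {"EventID": 1, "ProcessId": 900, "ParentProcessId": 300,
     "Image": r"C:\Windows\System32\notepad.exe"},
]

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com")


def detect_dropped_exe(events: List[Dict]) -> List[Dict]:
    """Return one hit per ProcessCreate whose image was created earlier.

    `writer_pid` is the process that wrote the file; `parent_is_writer`
    is True when that process is also the direct parent, the strongest
    form of the signal (drop-and-run by the same sample).
    """
    written_by: Dict[str, int] = {}   # normalised path -> writer PID
    hits: List[Dict] = []
    for ev in events:                 # events are assumed time-ordered
        if ev["EventID"] == 11:
            path = ev["TargetFilename"].lower()
            if path.endswith(EXECUTABLE_SUFFIXES):
                written_by[path] = ev["ProcessId"]
        elif ev["EventID"] == 1:
            image = ev["Image"].lower()
            writer = written_by.get(image)
            if writer is None:
                continue              # not a file dropped during the trace
            hits.append({
                "path": ev["Image"],
                "child_pid": ev["ProcessId"],
                "writer_pid": writer,
                "parent_is_writer": writer == ev["ParentProcessId"],
            })
    return hits


if __name__ == "__main__":
    for hit in detect_dropped_exe(EVENTS):
        print(hit)
```

The check keys on the file having been created inside the trace, not on its location, so it also catches droppers that write outside %TEMP%; the `parent_is_writer` flag separates the drop-and-run case seen here from a dropped file later executed by some other process.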

Network

  • DNS lookup by asih.exe via 8.8.8.8:53 (geo flag: US)
    Request:  emrlogistics.com IN A
    Response: emrlogistics.com IN CNAME traff-5.hugedomains.com
              traff-5.hugedomains.com IN CNAME hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com
              hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com IN A 34.205.242.146
              hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com IN A 54.161.222.85

    Note: the CNAME chain ends at hugedomains.com, a domain-parking and resale service, so emrlogistics.com is no longer under the operator's control and the HTTPS connections below reach a parking page rather than live infrastructure.

  • Connections (remote address, domain, process, bytes, packets)
    34.205.242.146:443  emrlogistics.com  asih.exe  152 B  3
    54.161.222.85:443   emrlogistics.com  asih.exe  152 B  3
    34.205.242.146:443  emrlogistics.com  asih.exe  152 B  3
    54.161.222.85:443   emrlogistics.com  asih.exe  152 B  3
    34.205.242.146:443  emrlogistics.com  asih.exe  152 B  3
    54.161.222.85:443   emrlogistics.com  asih.exe  152 B  3
    34.205.242.146:443  emrlogistics.com  asih.exe  152 B  3
    54.161.222.85:443   emrlogistics.com  asih.exe  52 B   1
    8.8.8.8:53 (dns)    emrlogistics.com  asih.exe  62 B sent / 192 B received, 1 request / 1 response

    DNS Request
      emrlogistics.com
    DNS Response
      34.205.242.146
      54.161.222.85

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    99KB

    MD5

    81a488f6669df72aefd61655deddd7df

    SHA1

    bbd8a3528fe9bad5e634bd0fc04d061d7dc70efd

    SHA256

    aed4329844d451e7f064d6c18acc7594740941077ba1a09f2700a9f2bce0c57b

    SHA512

    d50d0be91bdb4427404bced4426155867b833438305990e825c9fe5c88964330fd7f74f5b69438b56e826ea560b03b00c79eead0ace390f7269761aced481bf4

  • memory/640-0-0x00000000004F0000-0x00000000004F6000-memory.dmp (24KB)
  • memory/640-2-0x00000000004F0000-0x00000000004F6000-memory.dmp (24KB)
  • memory/640-1-0x0000000001CD0000-0x0000000001CD6000-memory.dmp (24KB)
  • memory/2448-15-0x0000000000270000-0x0000000000276000-memory.dmp (24KB)
  • memory/2448-19-0x0000000000240000-0x0000000000246000-memory.dmp (24KB)
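The General and Downloads sections give four hashes each for the submitted sample and the dropped asih.exe. The following is an added example, not part of the Triage report or its tooling, that sweeps a directory for files matching those hashes. Only the hashes are taken from the page; the directory to walk, the chunk size and the function names are assumptions, and the `digests_of_bytes` helper exists so the matcher can be exercised on constructed input without files.

```python
"""Hash-based IOC sweep for the two files in this report.

Added example; not Triage code.  IOC_HASHES is copied from the report's
General and Downloads sections.  Everything else is an assumption.
"""
import hashlib
import os
from typing import Dict, Iterable, List, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hashes from the report: the submitted sample and the dropped asih.exe.
IOC_HASHES: Dict[str, Dict[str, str]] = {
    "md5": {
        "eaceb5bef6cecff87a70e85b1a7638c5": "cryptolocker sample",
        "81a488f6669df72aefd61655deddd7df": "asih.exe",
    },
    "sha1": {
        "734083309189593c2c0dd7558ba51e439dd4e629": "cryptolocker sample",
        "bbd8a3528fe9bad5e634bd0fc04d061d7dc70efd": "asih.exe",
    },
    "sha256": {
        "41893b65f163fab875ef807fcab91bd6ec2d326814e0eeb46d437972d9cb2f0c": "cryptolocker sample",
        "aed4329844d451e7f064d6c18acc7594740941077ba1a09f2700a9f2bce0c57b": "asih.exe",
    },
    "sha512": {
        "159eed481decda5081ef714ec8ca95aa3185284dfc3eff7e27750098d38ec004a7c1e67c000ecbcd012f612175429704f4a0cf95b3aaa8a8212e3846becb2c0c": "cryptolocker sample",
        "d50d0be91bdb4427404bced4426155867b833438305990e825c9fe5c88964330fd7f74f5b69438b56e826ea560b03b00c79eead0ace390f7269761aced481bf4": "asih.exe",
    },
}


def digests_of_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed each chunk to every hasher once; one pass over the data."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digests_of_bytes(data: bytes) -> Dict[str, str]:
    return digests_of_chunks([data])


def digests_of_file(path: str, chunk_size: int = 1 << 16) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digests_of_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_digests(digests: Dict[str, str],
                  ioc_table: Dict[str, Dict[str, str]] = IOC_HASHES
                  ) -> List[Tuple[str, str]]:
    """Return (algorithm, label) for every algorithm whose digest is listed."""
    return [(algo, ioc_table[algo][digest.lower()])
            for algo, digest in digests.items()
            if digest.lower() in ioc_table.get(algo, {})]


def sweep(root: str, ioc_table: Dict[str, Dict[str, str]] = IOC_HASHES
          ) -> List[Tuple[str, List[Tuple[str, str]]]]:
    """Walk `root` and return (path, matches) for files that hit the table."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matches = match_digests(digests_of_file(path), ioc_table)
            except OSError:          # unreadable or vanished file; skip it
                continue
            if matches:
                hits.append((path, matches))
    return hits


if __name__ == "__main__":
    # Assumed location: the user's %TEMP%, where both files lived in the sandbox.
    for path, matches in sweep(os.path.expandvars(r"%LOCALAPPDATA%\Temp")):
        print(path, matches)
```

Matching on all four algorithms is deliberate: a file that agrees on one digest but not the others is either a collision or a transcription error in the indicator, and the returned list makes that visible instead of hiding it behind a single boolean.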
