Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2024, 02:36 UTC

General

  • Target

    2024-03-08_44f0a9f911a2c79e3638da37db916003_cryptolocker.exe

  • Size

    57KB

  • MD5

    44f0a9f911a2c79e3638da37db916003

  • SHA1

    a1df4e73c09e67d1cb9b9219b207da5b93c6d569

  • SHA256

    341cb20dbeb83339f0ee3fd95cab65eee7541797c0926b1c9560001a4cf92143

  • SHA512

    2e08ddc7f4488c2c6526f2984cccde743d33c9579b136eb841c2a7810543ed3ef85f682343461ee9ab0520be4955385d56c5136f574e9f8a2f9bf4f4dbf59b57

  • SSDEEP

    768:xQz7yVEhs9+4uR1bytOOtEvwDpjWfbZgBh8i6g7GoFwEt:xj+VGMOtEvwDpjubEgywEt

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-08_44f0a9f911a2c79e3638da37db916003_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-08_44f0a9f911a2c79e3638da37db916003_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2984

Network

  • flag-us
    DNS
    bestccc.com
    misid.exe
    Remote address:
    8.8.8.8:53
    Request
    bestccc.com
    IN A
    Response
    bestccc.com
    IN A
    103.14.121.240
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
    3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
    3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
    3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
    3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
    3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
    3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
    3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    52 B
    1
  • 8.8.8.8:53
    bestccc.com
    dns
    misid.exe
    57 B
    73 B
    1
    1

    DNS Request

    bestccc.com

    DNS Response

    103.14.121.240

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    57KB

    MD5

    b3f89404d227eb10f0790e9f1fc50d8c

    SHA1

    f3833b7b665a8916c7d47adc475882225dc1c7a7

    SHA256

    8c26faeea8a3d0fa46940afa175f275a309cc0412aad8f7a10a8e9acf2206f72

    SHA512

    018503ab337c1a62a460b1fba7e4ebe8e6cdfeed63bf81b5ddecc27d85f5fe257d312495cfac108a6b593c1fb7b4fd4888df24324cf7bd8f6ade097e1cca73d3

  • memory/2236-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/2236-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2236-2-0x0000000000370000-0x0000000000376000-memory.dmp

    Filesize

    24KB

  • memory/2236-9-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2236-15-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/2984-16-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

  • memory/2984-18-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

  • memory/2984-20-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB

  • memory/2984-26-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB