Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-03-11...er.exe

windows7-x64

9

2024-03-11...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-11_45f7dc3106f5b02791e9e54d25d0b68f_cryptolocker.exe

  • Size

    38KB

  • MD5

    45f7dc3106f5b02791e9e54d25d0b68f

  • SHA1

    218691d25354a28d37be061801550346ca443f81

  • SHA256

    58fcd3c1dc9da6d1c9fc4411c8761f7f7cffdb14dd0dc1d5e0aabc9319de6bf2

  • SHA512

    5c4ccffa56a260545ff56edb18dbd18e45d76bdd3427f0a2a459778bcf68335dc4351d185536750d08ff44e01b3f3e9e0801c7fcdc3c6b0c555f16daa11b0afa

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLam5axJ0:V6QFElP6n+gMQMOtEvwDpjyaYaP0

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 2 IoCs
  • Detection of Cryptolocker Samples 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-11_45f7dc3106f5b02791e9e54d25d0b68f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-11_45f7dc3106f5b02791e9e54d25d0b68f_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3148
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    38KB

    MD5

    80f897ae608b453a6cd0d80b0170bd03

    SHA1

    90a4680df94d9b420f576138695480b2e10551a3

    SHA256

    dc23d806732d6d907a7845e8ae3e3cee8c6fdfd8424669857317cd83d67dda1b

    SHA512

    ff933acf51d432f8e8d14f4a00eecd297fcf0c37180932b92cdc4f63b60102df559ef18246ff740a545900d3066921459a5d85f3195225cd897ac1d87eb9943d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    34KB

    MD5

    92e1c19c80a64a9079034097b56d9739

    SHA1

    3aae5847df8dcd01b46934853ab17a17ffd1f4ff

    SHA256

    dd5b53382354478c77f315cda503570df6735caef037213dca4351fdd0e83f85

    SHA512

    e5432952cb281303d2f667565dbf3e921723825965f041bc5ad01bd55d14283870bc9c9e02b9af39afbd90d7a5ee159195bcd7d3db97a515b7666174c2502713

    Download Submit

  • memory/3148-2-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3148-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3148-0-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4916-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download