Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 17:49

General

  • Target

    15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e.exe

  • Size

    35KB

  • MD5

    ef6aff1c3857293362924a4a7ffeb8ac

  • SHA1

    5bcd17af196edfbee1a1ae8ded04807000dd5a3c

  • SHA256

    15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e

  • SHA512

    681d31bb1dd967cac47ec2d8ac240627d1242e87bc6d61588c214c39d30c3c9ef6bacf3235098db9491d58811cea725c02dc2e61459c66202ef39c460b76b8b6

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPb6b:YGzl5wjRQBBOsP1QMOtEvwDpjgarJb

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e.exe
    "C:\Users\Admin\AppData\Local\Temp\15fe618d8e827be3368fde96b031e617f1b5d0a491e7f301197039274c27938e.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1784
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4168 --field-trial-handle=2288,i,11069632825633797559,14829202121434726371,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1600

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\asih.exe

      Filesize

      35KB

      MD5

      936d0589287f5718bbab3e40c38278bb

      SHA1

      affc83e5301e34f30eaddbe04230cc98a0b593aa

      SHA256

      f3eb17514730195a49e00d35ebaecb9dee20aebdc72c782e4551c1218f0b157a

      SHA512

      cf57243b9380852935c96d5106875152ef65c1515a419d33522f37599ec803ade934c220ed37a43b21170669d29be7e81e5e2b22263c75f758907a9a459ff93d

    • memory/1784-19-0x00000000005E0000-0x00000000005E6000-memory.dmp

      Filesize

      24KB

    • memory/1784-25-0x00000000004D0000-0x00000000004D6000-memory.dmp

      Filesize

      24KB

    • memory/4644-0-0x0000000000500000-0x000000000050B000-memory.dmp

      Filesize

      44KB

    • memory/4644-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

      Filesize

      24KB

    • memory/4644-2-0x00000000006A0000-0x00000000006A6000-memory.dmp

      Filesize

      24KB

    • memory/4644-3-0x00000000006C0000-0x00000000006C6000-memory.dmp

      Filesize

      24KB

    • memory/4644-17-0x0000000000500000-0x000000000050B000-memory.dmp

      Filesize

      44KB