Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-10...er.exe

windows7-x64

9

2024-04-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 02:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-10_66a1681880b53e40fa2a9ddbd1f12ed3_cryptolocker.exe

  • Size

    129KB

  • MD5

    66a1681880b53e40fa2a9ddbd1f12ed3

  • SHA1

    fc8ef04847649aa31ada9dc3fdc1f62b6abb6530

  • SHA256

    8774b37fc88708def4b46d3c76270b0ccb7b1b24361608bd67755664196f2e90

  • SHA512

    d487510b073ec30c1212a5fbc5a36accc001beb8ceb292c1414c7013f5241c2890b600ef9a2299fd639a09be3fc6b38b051f96bae0dcfdf7987573505db93463

  • SSDEEP

    1536:u6QFElP6n+gWMOtEvwDpjJGYQbN/PKwNgpwb2CH:u6a++OtEvwDpj6zD

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-10_66a1681880b53e40fa2a9ddbd1f12ed3_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-10_66a1681880b53e40fa2a9ddbd1f12ed3_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2744

Network

  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
    Response
    emrlogistics.com
    IN CNAME
    traff-2.hugedomains.com
    traff-2.hugedomains.com
    IN CNAME
    hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com
    hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com
    IN A
    3.130.253.23
    hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com
    IN A
    3.130.204.160
  • 3.130.253.23:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.130.204.160:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.130.253.23:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.130.204.160:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.130.253.23:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.130.204.160:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.130.253.23:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 3.130.204.160:443
    emrlogistics.com
    asih.exe
    52 B
     1
  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    62 B
     192 B
     1
    1

    DNS Request

    emrlogistics.com

    DNS Response

    3.130.253.23
    3.130.204.160

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    129KB

    MD5

    2c43a9e304a0db8c7777547857498327

    SHA1

    598cdf99b0dc9d894724e7b33c762a38249abba0

    SHA256

    31c44fe3cc8e1773eecba57e6ab1fb17aea86d533aac43cb65be750c901061a6

    SHA512

    701d763f34ccde8776deb912651d62ef73216dc4fb870b0b74810d222e3e6acfae54c8364e541cd115ebfbfc72f40fffdf1c41dce2772d3ce027f5e3faa038e1

    Download Submit

  • memory/2148-1-0x00000000003F0000-0x00000000003F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2148-0-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2148-8-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2744-15-0x0000000000370000-0x0000000000376000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2744-17-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.