Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17/04/2024, 05:30
General
-
Target
2024-04-17_1e098a91f5deba98f586a01e2b2206ba_cryptolocker.exe
-
Size
33KB
-
MD5
1e098a91f5deba98f586a01e2b2206ba
-
SHA1
5063a0c4f10761292b4eb8bf8def94ff00034b2f
-
SHA256
0bc398c17feb0dc8a948419b48eb013cc133e2c14bd83e27974ae394f555f377
-
SHA512
bc69df6db67952696e1ba387cace5fd3959003650b2b9279e542f5eafe30821564b7b32c8da18963344f3b53dce22d1e681d91cb3675412b0e4fda2dc43f9116
-
SSDEEP
384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cuM9gxrW:bAvJCYOOvbRPDEgXRcuM9gxa
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-17_1e098a91f5deba98f586a01e2b2206ba_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-17_1e098a91f5deba98f586a01e2b2206ba_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\demka.exe"C:\Users\Admin\AppData\Local\Temp\demka.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
34KB
MD5c412382b8f543f3d11ae17fd6e59b169
SHA1fc00fb65d8c790fe093beb011ec0e58715c62895
SHA256a0f7234c8e146726a9af0caaf249364badf34eefb5241f8cee4737cc74ab10fc
SHA51289bf44da50a69b8a21568a1a80143b01db2fdcc5c742d5135359b12a12a0075826d47dd3a9d04419acf8bad41cef12cb9fa9b5ffabe2e45d6f5c646a31bf17a4
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB