Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-21...er.exe

windows7-x64

9

2024-04-21...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-21_2d3b7a94d371bdb0e875337b2c5d62df_cryptolocker.exe

  • Size

    39KB

  • MD5

    2d3b7a94d371bdb0e875337b2c5d62df

  • SHA1

    e9a4b43d8990b9a385540cc8c21509fc427b65eb

  • SHA256

    f7ef7492acd64edebd38128e8132f58e198ba40005f631696dbf5a25265866d9

  • SHA512

    3b5db9276afec7d579b4eb3dd16e291b67d235c794830c1c7c739a1e6104216f549883cc597d39045067675344314355719c629aa776125c57331f6cfb417c5b

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPEkLNWL:YGzl5wjRQBBOsP1QMOtEvwDpjgarrkL+

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-21_2d3b7a94d371bdb0e875337b2c5d62df_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-21_2d3b7a94d371bdb0e875337b2c5d62df_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    450ad71453c46244a00e0b21c13e19d8

    SHA1

    cc138b6b26f80b354af0e6226ecfd24d03afd204

    SHA256

    a7e3e9f2491266c00a217179d578740fe69410db8763ec6f107136b220628d9e

    SHA512

    0fe5f6e48301607cf767f0188d2f9da4bb06a96cc43f103cd2072cf2bc4434913a926a51550665100e81198a119cbd6af9a0d4cbd1c2b57badde0280359966bc

    Download Submit

  • memory/1744-0-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1744-1-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1744-2-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1744-3-0x0000000000360000-0x0000000000366000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1744-15-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1744-13-0x0000000002380000-0x000000000238B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2664-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2664-19-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2664-23-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download