Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-21...er.exe

windows7-x64

9

2024-04-21...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/04/2024, 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-21_2d3b7a94d371bdb0e875337b2c5d62df_cryptolocker.exe

  • Size

    39KB

  • MD5

    2d3b7a94d371bdb0e875337b2c5d62df

  • SHA1

    e9a4b43d8990b9a385540cc8c21509fc427b65eb

  • SHA256

    f7ef7492acd64edebd38128e8132f58e198ba40005f631696dbf5a25265866d9

  • SHA512

    3b5db9276afec7d579b4eb3dd16e291b67d235c794830c1c7c739a1e6104216f549883cc597d39045067675344314355719c629aa776125c57331f6cfb417c5b

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPEkLNWL:YGzl5wjRQBBOsP1QMOtEvwDpjgarrkL+

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-21_2d3b7a94d371bdb0e875337b2c5d62df_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-21_2d3b7a94d371bdb0e875337b2c5d62df_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:712
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    39KB

    MD5

    450ad71453c46244a00e0b21c13e19d8

    SHA1

    cc138b6b26f80b354af0e6226ecfd24d03afd204

    SHA256

    a7e3e9f2491266c00a217179d578740fe69410db8763ec6f107136b220628d9e

    SHA512

    0fe5f6e48301607cf767f0188d2f9da4bb06a96cc43f103cd2072cf2bc4434913a926a51550665100e81198a119cbd6af9a0d4cbd1c2b57badde0280359966bc

    Download Submit

  • memory/712-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/712-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/712-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/712-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/712-18-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3952-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3952-21-0x0000000001F70000-0x0000000001F76000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3952-20-0x0000000001F50000-0x0000000001F56000-memory.dmp

    Filesize

    24KB

    Download