Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/04/2024, 18:27 UTC

General

  • Target

    2024-04-23_990ffa0428f987eb35cc804c2f506c7c_cryptolocker.exe

  • Size

    50KB

  • MD5

    990ffa0428f987eb35cc804c2f506c7c

  • SHA1

    af1744ee334b95a3dde66ed6b08e7c867b24e6b5

  • SHA256

    ec32f02537c6285b206f5c78a72bb1e35dd1928e29cdd35416501b440d1650b0

  • SHA512

    b83f33079c87a015f53d12a3cb9c1cc97b1712a1a1eebc7ad93ef041b901048eab4828dd324e127362e8396461f3fa831ae74e31596ad7fb5d96bf97484c85af

  • SSDEEP

    768:6Qz7yVEhs9+4OR7tOOtEvwDpjLHqPhqlcnvhx5/xFRp5jvbN:6j+1NMOtEvwDpjr8hhXj53N

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Detects executables built or packed with MPress PE compressor 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-23_990ffa0428f987eb35cc804c2f506c7c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-23_990ffa0428f987eb35cc804c2f506c7c_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:1628

Network

  • DNS (misid.exe)
    Remote address: 8.8.8.8:53
    Request: bestccc.com IN A
    Response: bestccc.com IN A 103.14.121.240
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
    219 B
    5
    5
  • 8.8.8.8:53
    bestccc.com
    dns
    misid.exe
    57 B
    73 B
    1
    1

    DNS Request

    bestccc.com

    DNS Response

    103.14.121.240

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    50KB

    MD5

    a22c943ed8018d54b593a10984d6e376

    SHA1

    717d19abd8a7e9131cb6cad96cdf29c41c5be290

    SHA256

    acfc0442bcc1a4be97dca687e35df053ea8c2e31a9ceb7661681f2c14df848a1

    SHA512

    ee33917a85d9a9380fa93d33570c1bdfbf292087bc75ab5ea1ec10f1a45b8eff0cd75a945f39500e9c1697d4758ae9eb4e64b0ffc3fafbc5fc9e3d32653d2a4f

  • memory/1628-16-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/1628-18-0x0000000000480000-0x0000000000486000-memory.dmp

    Filesize

    24KB

  • memory/1628-25-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

  • memory/1628-26-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/1736-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/1736-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/1736-2-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

  • memory/1736-8-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/1736-15-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB
