Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-27...er.exe

windows7-x64

9

2024-04-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    27/04/2024, 22:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_8c34f72af16a0df9c8957fe92fb9a6cd_cryptolocker.exe

  • Size

    43KB

  • MD5

    8c34f72af16a0df9c8957fe92fb9a6cd

  • SHA1

    3892a805265a9195c1e03a20e7e0907337a0b8fa

  • SHA256

    8d847ace4d99fd98e99f4078ca19583a2e083005c671694f5954b1dec3b02608

  • SHA512

    ccaea228c34ec5e93b43a51c8fc48f21d420dba9bb1a59ea17f7918c744fb5c7290f736bf2ecf642c8264288189df9727e161870bdbfa7de1f91d69a933a6e2b

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4X0WcO+wMVm+slAMphqR:bc/y2lkF0+BeqR

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_8c34f72af16a0df9c8957fe92fb9a6cd_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_8c34f72af16a0df9c8957fe92fb9a6cd_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2484

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    43KB

    MD5

    7f74b389b86f4a1f1b5d210eddb0ede5

    SHA1

    0364e44cf5daab81cb50b8545ffd14224da7ea2f

    SHA256

    15d4067b8a0892449d14efffba23d5c2cc186ec09a3aed406231143ac826bdde

    SHA512

    746d0ffe1e6d11888d710684fbf045725003cfc3f99346ee5bbcb8e203d04a0805566904e1c62f1f95782afe0179fa04fb2c92b72707cb0cf1ce904b0e821375

    Download Submit

  • memory/2484-23-0x0000000000380000-0x0000000000386000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2860-0-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2860-8-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2860-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download