Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-04-29...er.exe

windows7-x64

9

2024-04-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 14:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-29_56fa6e2895a70720f80e64c5144571cc_cryptolocker.exe

  • Size

    42KB

  • MD5

    56fa6e2895a70720f80e64c5144571cc

  • SHA1

    f7679efe02f8adc49f7edf4fe507b8b8e9afd3ba

  • SHA256

    70e6a3c24708a35e6d951200b3e8fb5ba64cea0cd16c8fb6ce974472e70563ac

  • SHA512

    11c26033594f0d100aa3a8e877395a046fd4e77f2e434b61a6e0a47f200cdfad8ba01d4c47f4ce9fe0c1b7fb49c582937dc1ecbbeb901b28428037f3627ceec7

  • SSDEEP

    384:bm74uGLLQRcsdeQ72ngEr4K7YmE8jo0nrlwfjDUc:bm74zYcgT/Ekn0ryfjF

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-29_56fa6e2895a70720f80e64c5144571cc_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-29_56fa6e2895a70720f80e64c5144571cc_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2972

Network

  • flag-us
    DNS
    mytarta.com
    hasfj.exe
    Remote address:
    8.8.8.8:53
    Request
    mytarta.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    mytarta.com
    dns
    hasfj.exe
    57 B
     130 B
     1
    1

    DNS Request

    mytarta.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    43KB

    MD5

    03ad7c88bb6490f1b74106bb1d77a087

    SHA1

    4239fa80a6e3e69698abea13cb8aa9a0bda6c734

    SHA256

    4f388fb6aa2baba13150793c92dd65981cabe6616300844fd03c400352f06d81

    SHA512

    98be3b666673b896a2106966d2aeab52e213b1332dd026c939ab259e98e14651c191e38bc685cc55f5b61908842851649e4c6268e7fec63e0549ae4efedfbad3

    Download Submit

  • memory/2972-17-0x0000000008000000-0x000000000800D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2972-19-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2972-26-0x0000000000380000-0x0000000000386000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2972-27-0x0000000008000000-0x000000000800D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3056-0-0x0000000008000000-0x000000000800D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3056-1-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3056-2-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3056-9-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3056-13-0x0000000001CF0000-0x0000000001CFD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3056-16-0x0000000008000000-0x000000000800D000-memory.dmp

    Filesize

    52KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.