Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-05-10...er.exe

windows7-x64

9

2024-05-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-10_4bec9391a8a2c85c46228051e2ec4b97_cryptolocker.exe

  • Size

    44KB

  • MD5

    4bec9391a8a2c85c46228051e2ec4b97

  • SHA1

    bd2ebafc0c22e810fdf7c0f9da81520ba6173adf

  • SHA256

    3c85242bd827177e09087a51f24d1a1e8d6ab68f078530dd8e2ceec1dc3715ed

  • SHA512

    48e5b45c5815873b065854028976089f726fb12d2e022efde182894fedc40eafe2d3ffd664a06579dd35fb792957b54157654769e24f8f16c0f8319a1701ca12

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4X0WcO+wMVm+slAMphq4:bc/y2lkF0+Beq4

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-10_4bec9391a8a2c85c46228051e2ec4b97_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-10_4bec9391a8a2c85c46228051e2ec4b97_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    44KB

    MD5

    1293a709ded3acf15f318f0383a348d4

    SHA1

    aa9fb15aa1ed0fbb05afd0b8cf5753d285c784b0

    SHA256

    c6c91426f2e6ec3c74b2523eb0541b067bed783508c3461d59135a6d9fd30c67

    SHA512

    7cc8370ebffab000c99a250c602a9d81a357fada82c193a57291f55241679a58ca59b5bb75960cda0e92d444f156207a550441a7aaf4a4526fedb88765c4de8a

    Download Submit

  • memory/2172-8-0x0000000000380000-0x0000000000386000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2172-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2172-0-0x0000000000380000-0x0000000000386000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2536-16-0x00000000002A0000-0x00000000002A6000-memory.dmp

    Filesize

    24KB

    Download