Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-05-14...er.exe

windows7-x64

9

2024-05-14...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-14_67424bceec7caf2d739a343b5680c09f_cryptolocker.exe

  • Size

    53KB

  • MD5

    67424bceec7caf2d739a343b5680c09f

  • SHA1

    2b613678cfd70e1c4749d6b2bb9fe30fbaa4c4a3

  • SHA256

    179056afa5d93cd4b52571de0e9b96b798c5b4d91f40e812bf9350478b4c5af1

  • SHA512

    10032ed55ac911f5b04c055f869478c1f57cfc23c4fe38ff4f6568792efeb2959329db28d2876af4cc2f20937e72700f8bb5d3a05a8742faae4da6d7fed6b429

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vxmlcaTIK:X6QFElP6n+gJBMOtEvwDpjBtExml9

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-14_67424bceec7caf2d739a343b5680c09f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-14_67424bceec7caf2d739a343b5680c09f_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    53KB

    MD5

    28bf2f5a3da68d31f4dcc92abaf02700

    SHA1

    8c444e8b2317e195eeb3386c241974e18e42417a

    SHA256

    28ce5968f5e66252e246fa9b32cbfc375fef5d71c222f392d655ee9b8a64aabb

    SHA512

    066d18dd9258141fe192b976be9e98049ddd96fe9591e8119beef9071b573d47a8a53e31f32f79d357c674840bdd4275bf1a658a90ced45d4b15dc7756f4ef2f

    Download Submit

  • memory/2052-1-0x0000000000370000-0x0000000000376000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2052-0-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2052-8-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2120-15-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2120-22-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download