Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-06-10...er.exe

windows7-x64

9

2024-06-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    0s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 02:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe

  • Size

    49KB

  • MD5

    ffb5e536307cf11067f864e3833217db

  • SHA1

    9bbe338b2297d33cba61a7053ff5800e31d2f2c7

  • SHA256

    1438c035b7bd29cf71ae2eb3728474d47224d4baf18bc0c36e66653947860abd

  • SHA512

    17bd4cf5c201b33155702bd839effefa8958c5381af8b2a535aa2650af522afe9ae9d4e7f82c6d9a0e6d7307dfd1733290cd47e75caece1d96f817d98ea8c7e6

  • SSDEEP

    768:xQz7yVEhs9+4uR1bytOOtEvwDpjWE6BLbjG9RzhwaRhAEFo:xj+VGMOtEvwDpjy+TRhxu

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Detects executables built or packed with MPress PE compressor 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_ffb5e536307cf11067f864e3833217db_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    PID:4404
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
        PID:912

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      Filesize

      49KB

      MD5

      b36259ad63ebb94ef8f6480cff491452

      SHA1

      810e4c51aeb8284efb08b3d12f0a229bf8ec97e0

      SHA256

      e1832ac2af83851f70e2563f9fd6479aec601c81e6173ff8ef7da0a62b652a1d

      SHA512

      9fe6fa35b3b48c21fe1fe6206d9ad84e7dd5fd88374d74428d8868bf2110643c87b55da588d147917e7f0562752d826e336a66c400628507f30e2d0f5d66ef90

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\misids.exe
      Filesize

      315B

      MD5

      a34ac19f4afae63adc5d2f7bc970c07f

      SHA1

      a82190fc530c265aa40a045c21770d967f4767b8

      SHA256

      d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

      SHA512

      42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765

      Download Submit

    • memory/912-25-0x00000000004D0000-0x00000000004D6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/912-19-0x00000000004F0000-0x00000000004F6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/912-48-0x0000000000500000-0x0000000000510000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4404-0-0x0000000000500000-0x0000000000510000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4404-1-0x00000000020D0000-0x00000000020D6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4404-9-0x00000000020D0000-0x00000000020D6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4404-2-0x00000000020F0000-0x00000000020F6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4404-17-0x0000000000500000-0x0000000000510000-memory.dmp

      Filesize

      64KB

      Download