Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-06-14...er.exe

windows7-x64

9

2024-06-14...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-14_5010bfc7295d5d7a823b1b27bef4f8af_cryptolocker.exe

  • Size

    47KB

  • MD5

    5010bfc7295d5d7a823b1b27bef4f8af

  • SHA1

    6ed6e1f64571ce6c4e2422b5bf44cd9d4d47cbbb

  • SHA256

    ec3d7e17790542be338910902310989e0c00f24c40c1cf6107cbf065a38b1ffe

  • SHA512

    b0a33eeb235285f3adb26cb3c5d5688304af0cc5fe2c72c9aefca60f881a85591d063852a1400b1f0754853bcd3326263379d66e15623d00f791094710a7da89

  • SSDEEP

    768:79inqyNR/QtOOtEvwDpjBKccJVODvy3ULn:79mqyNhQMOtEvwDpjBzckqUL

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-14_5010bfc7295d5d7a823b1b27bef4f8af_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-14_5010bfc7295d5d7a823b1b27bef4f8af_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4568
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    47KB

    MD5

    e3bc11fd4fb6daa545ecafcc12141f10

    SHA1

    d83eab5e65d837125e8e922347eb483bef78ee11

    SHA256

    217727249f5ec0ce572168d6bc1422af29d7ca0a5cab9d3a6571043eab1635cb

    SHA512

    bb0b48288ebbfad975c4689f2593d3e4bdcb897cb29b6ac38ecf7a8026b1e75f799e1667a1df039f147efc2a158cb405162246a2189db18737fc73ee22099364

    Download Submit

  • memory/4568-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4568-1-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4568-2-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4568-9-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4568-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4924-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4924-20-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4924-26-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download