Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-06-17...er.exe

windows7-x64

9

2024-06-17...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17/06/2024, 02:31 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-17_e4d4a2c0d14559aadb6ba1977b781d49_cryptolocker.exe

  • Size

    49KB

  • MD5

    e4d4a2c0d14559aadb6ba1977b781d49

  • SHA1

    d6b152aa3f8f259b7c47b96cfa34c2d6c219dfaa

  • SHA256

    b1c9c340c07d9053d8f2d1baa245d017e861c94f123c23857201349090e1c093

  • SHA512

    818c1accdf749f187ef3b9a63a4b8e718dddf023be22b99efb58d804683273e94e037fc2c82c9c0bae3deecf2c2440754379193543a1cc04995bf1f082a4d644

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sf88AvvP1oghYvm9/6D8jnPx9UnuDLlD+w1:bIDOw9a0Dwo3P1ojvUSD4PInyDP

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-17_e4d4a2c0d14559aadb6ba1977b781d49_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-17_e4d4a2c0d14559aadb6ba1977b781d49_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:3068

Network

  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
  • flag-us
    DNS
    2ndry.com
    lossy.exe
    Remote address:
    8.8.8.8:53
    Request
    2ndry.com
    IN A
No results found
  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    275 B
     5

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

  • 8.8.8.8:53
    2ndry.com
    dns
    lossy.exe
    220 B
     4

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

    DNS Request

    2ndry.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    49KB

    MD5

    45c11bfe8255a3f9ff6343c78ecd26fc

    SHA1

    1efc5bd762922deb0672d3c6a872d225a0775679

    SHA256

    938522900dd76cbdb86646633b1e3d66add80ac6c4e229c8a0531435f0f02c32

    SHA512

    3758808132b3a5c98a029dcce9b90d5db02bb4031831d5c745f2db786cc09e52d8ecc35df2637033f23cef48a4f5b5d2af9ccc50d4ec5861b36fb4995484aefa

    Download Submit

  • memory/1116-0-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1116-1-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1116-8-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3068-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3068-15-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.