Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-06-30...er.exe

windows7-x64

9

2024-06-30...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/06/2024, 00:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-30_7a4fdbb13c66da86c2308f753d70ecf0_cryptolocker.exe

  • Size

    78KB

  • MD5

    7a4fdbb13c66da86c2308f753d70ecf0

  • SHA1

    1341605a37ce997c03c102024cd41f58d5a0be03

  • SHA256

    af9cb155fde17b6540e2f75c6db9aa5f77ad874767e2ea9f95e54c6330f09925

  • SHA512

    b178abeb9a411ffaa0d4c6a62d94e80dac4b32f5c076e1aebbc6ae5d585123cc13500f8fd975be7a1bfe37aa068a94f201c029c012d15d7d93c22e5877cb7d2d

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1rHsoLkt4:X6a+SOtEvwDpjBZYvQd2d

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-30_7a4fdbb13c66da86c2308f753d70ecf0_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-30_7a4fdbb13c66da86c2308f753d70ecf0_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:576

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    330 B
     5

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    310 B
     5

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    248 B
     4

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

    DNS Request

    emrlogistics.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    79KB

    MD5

    f6fe3ebcb8f6f375768ef4eb47c089da

    SHA1

    f4e4535e6002235241f93e18f41e885c8f3e72f9

    SHA256

    9d759d935046a4ef64dd0ae4af747258cc0252aa1a69fec656e7c1ec69c4f82b

    SHA512

    8bfdd463ce67096fe8865b84ffe9a9ae731deb80ae0a9b010ccc1f857c101e26c2f6a9f0421803d0fa07b36433a79ae314fb39b6517d3d8b232cccbf81fa1df4

    Download Submit

  • memory/576-17-0x0000000000650000-0x0000000000656000-memory.dmp

    Filesize

    24KB

    Download

  • memory/576-23-0x0000000000630000-0x0000000000636000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2852-0-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2852-1-0x0000000002070000-0x0000000002076000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2852-8-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.