Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-09-09...er.exe

windows7-x64

7

2024-09-09...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 22:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-09_bbd6744cd9a5bbba69cdc4deb79f8335_cryptolocker.exe

  • Size

    48KB

  • MD5

    bbd6744cd9a5bbba69cdc4deb79f8335

  • SHA1

    3763bcbce9a306b144a8c55d7e36661a98664d7d

  • SHA256

    bd8bf93d69532f6875045f7094852256195dbdc5aa98da5e5b3bec206f30071a

  • SHA512

    8a92dded2d2a38789b90a5a1f7592e2a6362ca9689b069a0cd79ab2db49a1808292b65ce2aba7ae017d40aa5dae49e9dfcb913f1ab8a0a752045a05dd7ef1d8b

  • SSDEEP

    768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPlAC:P6QFElP6k+MRQMOtEvwDpjBQpVX8AC

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-09_bbd6744cd9a5bbba69cdc4deb79f8335_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-09_bbd6744cd9a5bbba69cdc4deb79f8335_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    48KB

    MD5

    8b1c5ddc27a033b09422ad4d106fbe61

    SHA1

    3ccb96ac959457fbcb6360c8a98459931f995602

    SHA256

    aa8b4a8161e97162a75d336691dc48ff3e036f7e620cfd3e1197499f9aeae838

    SHA512

    e05d956b90bd4fa0937fba854723434ce325eb3b0f8e71e05881fd53d40d69a600cb6e53843325097584a040b53113a199e23e7254bb3a92f2b4b7e3a11d9cdd

    Download Submit

  • memory/2292-16-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2292-25-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2292-18-0x0000000000470000-0x0000000000476000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2292-26-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3020-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3020-1-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3020-2-0x0000000000480000-0x0000000000486000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3020-9-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3020-15-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download