Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-09-19...er.exe

windows7-x64

7

2024-09-19...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-19_3a3ad81d613c4780fc0438f7312ad555_cryptolocker.exe

  • Size

    62KB

  • MD5

    3a3ad81d613c4780fc0438f7312ad555

  • SHA1

    19229962cd1b57df762f7d29736c8eca378032d8

  • SHA256

    6d196f2efd9a0724455ef27dcb4fe050eefb03f6d0a56279b4e23c09daeadfea

  • SHA512

    635fb4d6ba678a54656c16a2ff07c2863bf109e0c8a815dc2142261a887d3fca935eff8c911bf5a1b4d5560ba2fe006ca1b10d094fc390d611a35c461dfdf55e

  • SSDEEP

    1536:Dk/xY0sllyGQMOtEvwDpjwycDtKkQZQRKb61vSbgg:DW60sllyWOtEvwDpjwF8J

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-19_3a3ad81d613c4780fc0438f7312ad555_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-19_3a3ad81d613c4780fc0438f7312ad555_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    62KB

    MD5

    a37c9b55b678287e47909d581af2bec9

    SHA1

    e14305a13f54ed46d18444e2c7feed0cb2af9fc4

    SHA256

    5e6845955bfe8dac5afd424834dbe1ea537a81f04d2a05847ac2f42863786f0c

    SHA512

    3415f0c251d464b657cb516b8c56b97a7d2f377946bc348c29d0f0370ac9e00743e7aabfa77877f209ea3f05f27e52a1a13fa590a0dca284aec5c131fbe827d1

    Download Submit

  • memory/1772-16-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1772-18-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1772-19-0x00000000003C0000-0x00000000003C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1772-26-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2220-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2220-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2220-2-0x00000000004C0000-0x00000000004C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2220-9-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2220-14-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download