Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 18:44

General

  • Target

    2024-09-21_184fbe66971ee9a30b23b39c65f74c10_cryptolocker.exe

  • Size

    70KB

  • MD5

    184fbe66971ee9a30b23b39c65f74c10

  • SHA1

    35c39fd08f189b5169362bdec6541b7d37cd9020

  • SHA256

    63c11c6d3bc5b54de8a5ae1ca2d955f85fef034f7f148e584136545d4236f909

  • SHA512

    59ff692b2ae4ef358e2d95b7809a9dd75a38e1b54efe08c4285ecc13942c69d1eef4b24f7cf8f005426397a1e7d68defb7409532c80f422c52022100bf5908af

  • SSDEEP

    768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRXrZSUNsYD/d3:i5nkFGMOtEvwDpjNbwQEI8UZD9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-21_184fbe66971ee9a30b23b39c65f74c10_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-21_184fbe66971ee9a30b23b39c65f74c10_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\misid.exe

    Filesize

    71KB

    MD5

    56c1b6af5670a860af8cbe59b28c75a0

    SHA1

    5aeb5b558c19c7ac3f1ae54da0ff08074198357d

    SHA256

    c1e67f818172ab6c21294434acffcf243789f9e1a001b247935dbe6960b6ebfe

    SHA512

    3d12353f4e3648aaa4b1128a51ede801038f718c205b752908ae7410ae4c2061ea38d36357be1382e5b5afee8a02682dfb83ec9e3220fc01c7f41d7f064bca7b

  • memory/2080-25-0x0000000000250000-0x0000000000256000-memory.dmp

    Filesize

    24KB

  • memory/2080-18-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

  • memory/2080-26-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2336-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2336-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2336-3-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

  • memory/2336-2-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2336-15-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB