Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-10-18...er.exe

windows7-x64

7

2024-10-18...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/10/2024, 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-18_4c26bcb7d44cb55c76403d00de47a348_cryptolocker.exe

  • Size

    34KB

  • MD5

    4c26bcb7d44cb55c76403d00de47a348

  • SHA1

    61213cd1d0b67b9003fd3f72482d4f6a1f456baa

  • SHA256

    7502db8d32a964e9818fe64cd4c85f08dbc3847c1cd8666e421ad2c496083003

  • SHA512

    73d634dcd5f4860ce3217d5255c29533598bfb8b60e724733a766689812cfa200caba4837ebfd77c1a39756d49309e0eb5a7d0a1d0dda53ac5398df5e73c37d5

  • SSDEEP

    768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754X:bxNrC7kYo1Fxf3s052

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-18_4c26bcb7d44cb55c76403d00de47a348_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-18_4c26bcb7d44cb55c76403d00de47a348_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4080
    • C:\Users\Admin\AppData\Local\Temp\pissa.exe
      "C:\Users\Admin\AppData\Local\Temp\pissa.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pissa.exe
    Filesize

    35KB

    MD5

    270ea3418e9bcf79de2bd1a801889291

    SHA1

    ee473125ca45b0b7c8926cb0c4a5f4ca8539d376

    SHA256

    5a3151a0e6a7144ba3bc422bd53cbf7dbbbaae4b3518a708ffe991043c618d5f

    SHA512

    dc3d3f49d595cb6b9ae9f30a6f1d4eec95feb3beb50b1ed6f369caccfd7c488053b9012bff15ce139712be44fee2d8c95f12b12a59c89d7d6f47ee3b31fd560e

    Download Submit

  • memory/4080-0-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4080-1-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4080-2-0x0000000003150000-0x0000000003156000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4760-23-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4760-17-0x0000000003010000-0x0000000003016000-memory.dmp

    Filesize

    24KB

    Download