d9c3ece47f56ead85e8a7b2a34308ad4d78c6997ae9b919994081678c8b45d89 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

2024-01-03...er.exe

windows7-x64

7

2024-01-03...er.exe

windows10-2004-x64

3

Analysis

max time kernel
0s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 15:13

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-01-03_1be932ce9c3b197201e2311e41d33004_cryptolocker.exe

Resource

win7-20231129-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-01-03_1be932ce9c3b197201e2311e41d33004_cryptolocker.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

2024-01-03_1be932ce9c3b197201e2311e41d33004_cryptolocker.exe
Size

36KB
MD5

1be932ce9c3b197201e2311e41d33004
SHA1

3eca65bc8e1d9e32214f0cc0a09a78e00ab45257
SHA256

d9c3ece47f56ead85e8a7b2a34308ad4d78c6997ae9b919994081678c8b45d89
SHA512

9ffc009aed8d9ef8a3ad38cd79dd94b21fec92bd8bf567cb2daa1c47b75914f67ee5cfdc32bd18f67a5fe9fb1a7722a6dd9d782e1cb9f8f0579095480a0db7f0
SSDEEP

384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf0w3sp8u5cZ9sR:bgX4zYcgTEu6QOaryfjqDDw3sCu5ZR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\2024-01-03_1be932ce9c3b197201e2311e41d33004_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-03_1be932ce9c3b197201e2311e41d33004_cryptolocker.exe"
1⤵
PID:4732
- C:\Users\Admin\AppData\Local\Temp\hasfj.exe
  "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
  2⤵
  PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
35KB

MD5
6588541299dddc7ce09e56dc632de68e

SHA1
89ef4851eb62bd943d01df7a0e4d27ccf0e08f4d

SHA256
fd220cdf77a4a918145826eee3efc02c4e6563efb3399e7e26485f98eba2e7f7

SHA512
ecb128329f93922d94d65b8094a9a380fb6f7c9d39641c43266142e154324122512f0a8d5f13a40b3feb39691f48149e44ad3fde159a178840eb94122411b46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\hasfj.exe

Filesize
37KB

MD5
a8567e00569910fedbbfe25540f2fa0f

SHA1
a8929277238aa143f37ab946d088715076bfaf4b

SHA256
ead2ce6df33a8a5939a8dc535332bfa4cb7a5b67aa3bf084097b5397a7222948

SHA512
996dfa58b65b9055b4f0617fc65afa9e9ba537911c1299a4a90fef7c3cab869d6ffec23b87151e3be2fc7554138b11ce1d5c343ddc38c081f27b58ccfb26bed8

Download Submit
memory/2884-18-0x00000000005F0000-0x00000000005F6000-memory.dmp

Filesize
24KB

Download
memory/2884-17-0x0000000003010000-0x0000000003016000-memory.dmp

Filesize
24KB

Download
memory/4732-0-0x00000000022D0000-0x00000000022D6000-memory.dmp

Filesize
24KB

Download
memory/4732-2-0x0000000003150000-0x0000000003156000-memory.dmp

Filesize
24KB

Download
memory/4732-1-0x00000000022D0000-0x00000000022D6000-memory.dmp

Filesize
24KB

Download

© 2018-2024

Terms | Privacy