Overview

overview

7

Static

static

3

2024-01-01...er.exe

windows7-x64

7

2024-01-01...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    197s
  • max time network
    216s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-01-2024 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_60f0d23849700a1da8a2190b320f1970_cryptolocker.exe

  • Size

    33KB

  • MD5

    60f0d23849700a1da8a2190b320f1970

  • SHA1

    6b0e4c66fa7c585c8faad7de80fc88995187859f

  • SHA256

    0610f04318ef565dfd5011dd33c6e56408606594b1d1eeb4d8a28e8812252358

  • SHA512

    91b9b46bc0fd1fdcb88db66c2b052aebc8ab8300496827583e107751d67548a86f5d619fccc9c6aaa6ffb4928042504e8e9a54da0329f243c056f77291f7f782

  • SSDEEP

    384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUgIunIVpeNAzX:bA74zYcgT/Ekd0ryfjPIunqpeNAj

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_60f0d23849700a1da8a2190b320f1970_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_60f0d23849700a1da8a2190b320f1970_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:1064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    33KB

    MD5

    edf6f0cbeba7a259a44be09d9b1836c0

    SHA1

    f576fdc6913ac886f6161994540c9fdc2b4da240

    SHA256

    6e8b15aa0612af3ac4d05917b8217cb053f96c01a281447c264ce576df7fc731

    SHA512

    ce68dbe3fbdd48cd876170164b4183ec1b07a6e5bf78538f347fb09eb473b37fa3b3ccca6a5bb319cb14cbef56360db5a248a61e967d2278fcb3ea716914226c

    Download Submit

  • memory/1064-18-0x0000000002D60000-0x0000000002D66000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1064-17-0x0000000002ED0000-0x0000000002ED6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4036-0-0x0000000002090000-0x0000000002096000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4036-1-0x0000000002090000-0x0000000002096000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4036-2-0x0000000003010000-0x0000000003016000-memory.dmp

    Filesize

    24KB

    Download