Overview

overview

7

Static

static

3

2024-01-01...er.exe

windows7-x64

7

2024-01-01...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 05:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_bf83daf5f74be17801d2a22bf7fd93e7_cryptolocker.exe

  • Size

    49KB

  • MD5

    bf83daf5f74be17801d2a22bf7fd93e7

  • SHA1

    ab97ab3c22293a62a296341ea52e364954ba6da4

  • SHA256

    509ab923f7466871f32f64d07f8dc3b67ca1fa77547118f065d91a992da2a841

  • SHA512

    4f91fffe906c30e561468a43047e32a63d7861689be35fcd0ac3f84c03be5ceee6ca6efed0e7d1c2121f74c524a7d0ad0919d891dc8786ba0d220d9c5e2c9adc

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjeJQ7suIlsw92KFXpQenhP:V6QFElP6n+gMQMOtEvwDpjeJQ7pojk0

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_bf83daf5f74be17801d2a22bf7fd93e7_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_bf83daf5f74be17801d2a22bf7fd93e7_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4440

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          50KB

          MD5

          0a841be1c1edebf91c3b8a0be82e8eb7

          SHA1

          bf0cac2d5ab95cd68eb586af9062b8e67e9992dd

          SHA256

          e2c1ee955e19659b2434125fca24a30ff4e2c695d694b12b55936446e3bc1417

          SHA512

          18017e1529c936ed8a2fcb1135712fcff8333dad744c7d569ac946e96472cb5f7aa6fbd42399b660ed91428e46ca1d34ef455f3fcf7669eb41e974717e4289aa

          Download Submit

        • memory/4440-17-0x00000000021D0000-0x00000000021D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4440-18-0x0000000002040000-0x0000000002046000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4588-0-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4588-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4588-2-0x0000000000660000-0x0000000000666000-memory.dmp

          Filesize

          24KB

          Download