Overview

overview

7

Static

static

3

2024-01-01...er.exe

windows7-x64

7

2024-01-01...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-01-2024 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-01_f2251bae659c8bac534ce49ec4b33055_cryptolocker.exe

  • Size

    71KB

  • MD5

    f2251bae659c8bac534ce49ec4b33055

  • SHA1

    38f4dc5a88d2d27a85e7261d9df6d600e6e11ad2

  • SHA256

    a0d59aad6c681d036f48bd28866adbfae5e05890a750187a4c8040cb25f73fe0

  • SHA512

    cd0b227e9cd08a8dfb64453eec6d863ed94b4f9e30973d54476adb2067dffc5f925ab785ba3b4111d6e022fca1b11f433ee0ba001d9ac98afe23089bfe328bb5

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1h:X6a+SOtEvwDpjBZYvQd2h

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    1⤵
    • Executes dropped EXE
    PID:2820
  • C:\Users\Admin\AppData\Local\Temp\2024-01-01_f2251bae659c8bac534ce49ec4b33055_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-01_f2251bae659c8bac534ce49ec4b33055_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    71KB

    MD5

    3a81720924e5ca42dc03ac539e746be1

    SHA1

    62d946a4d4c37e3df9ec543a6e23410b57935600

    SHA256

    c754d58de6a35ba34a3304b850ce0b4848c1ae267020c714c96a6583a9b03e20

    SHA512

    2e6f91cecfe523ad5fd57c54d2344232ac0e3277fa05359ecac9e639c5257009d7aadaf425610391fe87e855832724fd5a254bb69e07b7de12c5f69eabdb126b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    1KB

    MD5

    8e51d16953e4694da7d5bb19ed880d84

    SHA1

    348adc5291a275c87198ba80f929f3d1528036c2

    SHA256

    64671f22ae537f8af697dac99f8c892b1e698d7beec13b972980bd71e0d8a1e0

    SHA512

    97b37c6419953ff2183365e4f994b6d7664bbc71e57373ccd1347b2355de7dfca810d6e0b3826eb7d787fbea08f0b393388afb21f498f8d26b30862f09136d1c

    Download Submit

  • memory/2516-2-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2516-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2516-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2820-15-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2820-22-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download