3e3ebfa913f928bae402b3f3cd90a63af5038bba76580d07b936b8bcd7349bd7

Analysis

max time kernel
0s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_149eac0fa5e1c97215f7ab19ebd2a5ad_cryptolocker.exe
Size

37KB
MD5

149eac0fa5e1c97215f7ab19ebd2a5ad
SHA1

5eda0e91a7da3f3e36f750d10e92993ae7973ef2
SHA256

3e3ebfa913f928bae402b3f3cd90a63af5038bba76580d07b936b8bcd7349bd7
SHA512

aedc42ca445ef336b50644a8efeab645c4797cb0673ef1677766a631608ea030538774386f7c4c40dab050a318fba06ab648ba037332def3db144323124be415
SSDEEP

768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjeJQLI3Jnoehy5s:V6QFElP6n+gMQMOtEvwDpjeJQy1hye

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	2024-01-09_149eac0fa5e1c97215f7ab19ebd2a5ad_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-09_149eac0fa5e1c97215f7ab19ebd2a5ad_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_149eac0fa5e1c97215f7ab19ebd2a5ad_cryptolocker.exe"
1⤵
- Checks computer location settings
PID:552
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
10KB

MD5
c31f4da4c85e726fb392871a4020638d

SHA1
b5fdd7f823c74e05ca1bade55f8aa52c1246ef3d

SHA256
37417193dca4437ee2d1bbda69703d9e4101fadf9ae3e857282c09cd021889f2

SHA512
1b4ab46e056b3939263fcf6986e2abea45b4df5d76964da1d1f0ad6e03a373a860e4043237eef868a070f425a417a795879bf90e55abfa3b486d2629f369c687

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
4KB

MD5
fd6bbe72dc1c99e443b9b5bd385f2e4d

SHA1
3a4177048667948750f51287bb94e49dcce16ac6

SHA256
e681b97e0e67c9ab9fd77175124c7a6c23215baf741cc6e14930bda9cfd51fa1

SHA512
f2241d433458978db29440236e31fef175046818671159ccd6bb2fc5c3d95d3ee6497b698761283bc5a3a0885f03bb2928173c5dabb3d1cd69fe0a6fec4c5ed8

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
38KB

MD5
84e4fede237d4e94c682573c6ddc93f0

SHA1
06dc45a7dffaa985728744daaf39b0efcaeb7be2

SHA256
d08903685d2a0f16e0f38fdb854a6d2c57d705e08c876d04775e119c18ab7861

SHA512
c373d52bc34e275ebb54e52183be1fae13a51f1775efe6eaddc0d3d998b0858b47b0ed667b52fc8b6b4d76d16be48c8b7123c42f9ff6da2ac0b64f37671600f0

Download Submit
memory/552-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/552-2-0x0000000000750000-0x0000000000756000-memory.dmp

Filesize
24KB

Download
memory/552-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

Filesize
24KB

Download
memory/5088-20-0x0000000002050000-0x0000000002056000-memory.dmp

Filesize
24KB

Download
memory/5088-17-0x0000000002070000-0x0000000002076000-memory.dmp

Filesize
24KB

Download