ae93629476f5f42c497372253f14152e69d3f1c8e6655497033f77c79d7ad4c6

Analysis

max time kernel
0s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-09_c1f0a66f636d3b4844ed231ab515bb33_cryptolocker.exe
Size

46KB
MD5

c1f0a66f636d3b4844ed231ab515bb33
SHA1

b1126b7d4c8e6de44da0a624514a0fda1432dbb1
SHA256

ae93629476f5f42c497372253f14152e69d3f1c8e6655497033f77c79d7ad4c6
SHA512

46d6985bd34753f277f757a69b6213bd11b1192081e7778c889f03ffcf16d8e7710db8f74b368cd5d3bee8b291bc649bb97eb8e8ea43327caccc8ea4d7b51c0a
SSDEEP

768:qmOKYQDf5XdrDmjr5tOOtEvwDpjAajFEitQbDmoSQCVUBJUkQqAHBIG05WtyU8jl:qmbhXDmjr5MOtEvwDpj5cDtKkQZQPdR

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	2024-01-09_c1f0a66f636d3b4844ed231ab515bb33_cryptolocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2024-01-09_c1f0a66f636d3b4844ed231ab515bb33_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-09_c1f0a66f636d3b4844ed231ab515bb33_cryptolocker.exe"
1⤵
- Checks computer location settings
PID:220
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
46KB

MD5
cd0077b41ce2f61daf75b1877e337be4

SHA1
0efac6ee90997bb3fa36e65468786edcc7d81aa9

SHA256
af95be761340c84afaf2a8313c0fbc8327fc4b7d4da0a8bc325a73e991ef10b2

SHA512
dfb6ac8c78f74836c8028583bc7e489a0d105c272510a6029295814bc507ed5706c2561fc5fa520e00123d689e1d9f5b89efa8ff19f75cec577709b61fac47c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
31KB

MD5
c378a0ef56485ca2a2f176612f7c2344

SHA1
3e768ce677242f60203311aae7c3a302166689df

SHA256
1d7abd3a3ab280f043674c1b13d12f5a2919b5b7da50967f69ff1484df89e4a0

SHA512
39fa1f76d89cf40af78563dc9b3366ab8df6b078e398122a86fb02e5717de594823494c5212ac04fe0c1357fa19cc2404db303858e9f5abc0db5c99aeefaaed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
11KB

MD5
c69a3ceefaea926640a588d834693b45

SHA1
d6104753d63e4ce60f8746a9d7f36502de2ffbd2

SHA256
5fd8fa1c304b63bd74be20b00f35c334f5a87feb621090870df928ccd7ce996c

SHA512
922637111d9d8c5d5632f0a24455bc263c4ae6838a64453ef3e4215ae275860e627752296b919d6ca7c6cdc76c5c89f05c74738e2f2ab708a84820b90f3442a1

Download Submit
memory/220-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/220-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

Filesize
24KB

Download
memory/220-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/220-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/220-17-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3232-20-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/3232-19-0x00000000005C0000-0x00000000005C6000-memory.dmp

Filesize
24KB

Download
memory/3232-26-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download