Analysis

  • max time kernel: 167s
  • max time network: 186s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/01/2024, 05:55

General

  • Target

    2024-01-11_1b3e6d27aa5faaf6790b38cd352065fe_cryptolocker.exe

  • Size

    58KB

  • MD5

    1b3e6d27aa5faaf6790b38cd352065fe

  • SHA1

    03d8a8f9c19a90eb496f7824050c39ee752220d7

  • SHA256

    014319e44bfa9194428f7068d65eab73f99f5341093effdf2ff8123f67a4a896

  • SHA512

    e431dfad15e481daefa6ca2bfdbb10ebb6ee0569bb608b80c52fbc2bfd2805782d2216cd4253265af59c8934af98721914dca5a432c68934c3538d90522ac515

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPt547/Gfx:V6QFElP6n+gMQMOtEvwDpjyaLccVCbmx

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_1b3e6d27aa5faaf6790b38cd352065fe_cryptolocker.exe (depth 1, PID 2144)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-11_1b3e6d27aa5faaf6790b38cd352065fe_cryptolocker.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\asih.exe (depth 2, PID 2004, child of PID 2144)
      Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      • Executes dropped EXE

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    42KB

    MD5

    ef08f043bd6c11f32ec267eba44e0d04

    SHA1

    0b174d58d92fe23925f1cb6f68dc7c02203dce91

    SHA256

    16ac8b18099c7769f9ea766b6ff56f6ca4dd7ce29f6166b23f410ac1c09db273

    SHA512

    1ded273614aa5fe1b0084392f0a7c629717655578e7c78fbe27f4218ed0c29803e084a6bb5800e97ce1dce68807f28822629dc5339530e6f9999e94c4b169642

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    58KB

    MD5

    be8194e1226398118b587afd4cc77b55

    SHA1

    0924a8c7532f10090e15c34deb0b0502cc0bfd17

    SHA256

    7c3b64ec6632cb5e18dbfc739d5cc5eb32e151c1359d896bb1541fedaf053a67

    SHA512

    03afacc414cac00d60424a4afff8f207362c81433d8b7a66f1134f003e54852eb25f907213b4388512e598ef463a0fce3ab0756e0deb0e64197f01f26532d4ed

  • memory/2004-21-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

  • memory/2004-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

  • memory/2144-0-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

  • memory/2144-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

  • memory/2144-2-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB