Analysis

  • max time kernel
    0s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/01/2024, 05:59 UTC

General

  • Target

    2024-01-11_5d71437166ce82fe43b8c671f0b0c382_cryptolocker.exe

  • Size

    93KB

  • MD5

    5d71437166ce82fe43b8c671f0b0c382

  • SHA1

    5f876e4872c649d3e3b51126e38106961fdbeec2

  • SHA256

    56951b71ee7700affcdb5b59d3a0c5b1fc9ca9542d4f094dbc14def52d7fc585

  • SHA512

    02713bb4bc1d7813bf0cde04719de84aa40baeefc0a7c595fe10a50c65bdc200567f9a1d26ba1089f778b88c922ee7e927c42d418fa51e6c65212eebaef82c6b

  • SSDEEP

    1536:26QFElP6n+gBQMOtEvwDpjQGYQbN/PKwNCN:26a+2OtEvwDpjtza

Score
3/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_5d71437166ce82fe43b8c671f0b0c382_cryptolocker.exe (PID 1532)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-01-11_5d71437166ce82fe43b8c671f0b0c382_cryptolocker.exe"
      • C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 1344, child of PID 1532)
        Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"

      Network

      • DNS
        158.240.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        158.240.127.40.in-addr.arpa
        IN PTR
        Response
      • DNS
        emrlogistics.com
        Remote address:
        8.8.8.8:53
        Request
        emrlogistics.com
        IN A
        Response
        emrlogistics.com
        IN CNAME
        traff-3.hugedomains.com
        traff-3.hugedomains.com
        IN CNAME
        hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
        hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
        IN A
        3.19.116.195
        hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
        IN A
        3.18.7.81
      • DNS
        3.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        3.181.190.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        180.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        180.178.17.96.in-addr.arpa
        IN PTR
        Response
        180.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-180deploystaticakamaitechnologiescom
      • DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • DNS
        5.181.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        5.181.190.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        88.156.103.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        88.156.103.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • DNS
        41.110.16.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        41.110.16.96.in-addr.arpa
        IN PTR
      • DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
      • DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
      • DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
      • 3.19.116.195:443
        emrlogistics.com
        208 B
        4
      • 204.79.197.200:443
        g.bing.com
        tls
        2.9kB
        10.0kB
        26
        20
      • 96.17.178.174:80
        236 B
        7.5kB
        5
        7
      • 96.17.178.174:80
        248 B
        5.0kB
        5
        5
      • 3.19.116.195:443
        emrlogistics.com
        104 B
        2
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        1.4kB
        8.2kB
        16
        13
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        41.8kB
        1.1MB
        833
        827
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        1.8kB
        9.2kB
        18
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls
        1.8kB
        9.1kB
        18
        13
      • 3.18.7.81:443
        emrlogistics.com
        156 B
        3
      • 8.8.8.8:53
        158.240.127.40.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        158.240.127.40.in-addr.arpa

      • 8.8.8.8:53
        emrlogistics.com
        dns
        62 B
        192 B
        1
        1

        DNS Request

        emrlogistics.com

        DNS Response

        3.19.116.195
        3.18.7.81

      • 8.8.8.8:53
        3.181.190.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        3.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        180.178.17.96.in-addr.arpa
        dns
        72 B
        137 B
        1
        1

        DNS Request

        180.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
        158 B
        1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        5.181.190.20.in-addr.arpa
        dns
        71 B
        157 B
        1
        1

        DNS Request

        5.181.190.20.in-addr.arpa

      • 8.8.8.8:53
        88.156.103.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        88.156.103.20.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
        147 B
        1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        41.110.16.96.in-addr.arpa
        dns
        71 B
        1

        DNS Request

        41.110.16.96.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        216 B
        158 B
        3
        1

        DNS Request

        56.126.166.20.in-addr.arpa

        DNS Request

        56.126.166.20.in-addr.arpa

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        124 B
        173 B
        2
        1

        DNS Request

        tse1.mm.bing.net

        DNS Request

        tse1.mm.bing.net

        DNS Response

        204.79.197.200
        13.107.21.200

      MITRE ATT&CK Enterprise v15

      Downloads

      • memory/1344-20-0x00000000004D0000-0x00000000004D6000-memory.dmp

        Filesize

        24KB

      • memory/1344-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

        Filesize

        24KB

      • memory/1532-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

        Filesize

        24KB

      • memory/1532-2-0x00000000006C0000-0x00000000006C6000-memory.dmp

        Filesize

        24KB

      • memory/1532-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

        Filesize

        24KB