Overview

overview

10

Static

static

10

2024-01-18...er.exe

windows7-x64

9

2024-01-18...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    173s
  • max time network
    208s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2024, 23:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-18_b67ee2350bb6a071ce88cb2dec415273_cryptolocker.exe

  • Size

    44KB

  • MD5

    b67ee2350bb6a071ce88cb2dec415273

  • SHA1

    ee8771584892e5ed3b89177063fef653bbb3ff39

  • SHA256

    7f3e9a53940d9e51dcf9585956ac67032e709cfe6f3d937310f054c172b1be61

  • SHA512

    4075cb847ce37086d785edcda60701ef023a19a81147fe7962e625bcd8e8c2e9cc589857f5610b7b11b439e872da8916a70e5aef1babc651242d4679fafcc5c4

  • SSDEEP

    768:bgX4zYcgTEu6QOaryfjqDlC6JFbK37YlPY:bgGYcA/53GAA6y37QQ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-18_b67ee2350bb6a071ce88cb2dec415273_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-18_b67ee2350bb6a071ce88cb2dec415273_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    44KB

    MD5

    c49b9cb5d0c2ec4f051ff909a98daf08

    SHA1

    5efd17d74f1b06a92f9181b4890d4df61d873e00

    SHA256

    0357935f6653e6216c6bf46c3c3f8af7457af343b50d6c8d187b9ba3a262d308

    SHA512

    72e84bb2eb997e780ad741609db7aea4f86aa72aaa0c9040b2bb1282ee853ba88aab31d546180df078c9c854360c52a7ada75f2072ac91040bcda48e936a4dc4

    Download Submit

  • memory/2592-19-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2592-15-0x0000000000470000-0x0000000000476000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2708-0-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2708-1-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2708-3-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download