Overview

overview

10

Static

static

10

2024-01-22...er.exe

windows7-x64

9

2024-01-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/01/2024, 16:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-22_196b42c6b3f97ae7cc12511d2a59d2ee_cryptolocker.exe

  • Size

    72KB

  • MD5

    196b42c6b3f97ae7cc12511d2a59d2ee

  • SHA1

    8cec5a2cc00da5b0cd7a8d6d9c88ff16e6c7fc1d

  • SHA256

    acc349fba2cc4efe4fd2319436580729bf122d8382b6c50137952495b1bd06c6

  • SHA512

    d4b7ef3c61de1ea40bf336a9b4b94ec83511ddb99457ba3ccfab4a8547c1522a26e2b628ec0402562df378e17ce5f7c1146b9c8ac2682d4eddf7003ec34da0a8

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1RM:X6a+SOtEvwDpjBZYvQd2m

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-22_196b42c6b3f97ae7cc12511d2a59d2ee_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-22_196b42c6b3f97ae7cc12511d2a59d2ee_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:636

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          73KB

          MD5

          9af352d58b6d88df9929b3f0448609bf

          SHA1

          12315502225a9231b4e42afac27c31bc36944c09

          SHA256

          6a9072e567c98538ec4b437b0b3811bf80d17c610e6665986d0250c6d80f07aa

          SHA512

          abb18c2ed853497a06cb4144a68967ff9666985bf5771bb00f7626c9b4a9b2653ff90ee06cdc9af3ec21332e345f564adc1e9915c7670a8ded8b5a42cac9ebc9

          Download Submit

        • memory/636-17-0x0000000000650000-0x0000000000656000-memory.dmp

          Filesize

          24KB

          Download

        • memory/636-19-0x0000000000630000-0x0000000000636000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1856-0-0x00000000005F0000-0x00000000005F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1856-1-0x00000000005F0000-0x00000000005F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1856-2-0x0000000000610000-0x0000000000616000-memory.dmp

          Filesize

          24KB

          Download