Overview

overview

10

Static

static

10

2024-01-29...er.exe

windows7-x64

9

2024-01-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/01/2024, 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-29_6911be18acb4f05d07895bb01321aa78_cryptolocker.exe

  • Size

    53KB

  • MD5

    6911be18acb4f05d07895bb01321aa78

  • SHA1

    386c260f4335d26b0ed94039331d0fa4946319cf

  • SHA256

    fde4adcd8e282a5cfd2fc91a3c48e711a22d5cf81c1113214023590fbfa676aa

  • SHA512

    884b97c16e6d63746f1fe1d67a2c5e3b6dcebc5b71e77ee49dba1684aa5184cc8ec1d28d1dfd13ae98f1aa4918c121dc8cc3a9ed7d95b714989b1bc774a66a3e

  • SSDEEP

    768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylSV/CdS:79mqyNhQMOtEvwDpjBPY7xv3g8z

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-29_6911be18acb4f05d07895bb01321aa78_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-29_6911be18acb4f05d07895bb01321aa78_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    54KB

    MD5

    a03b9d0aa7f42fe5ff7b3ee880964957

    SHA1

    55b7e5e23775583d9316e52681a083e401728518

    SHA256

    6acc294a8ca5ffb802daa5b820752e18d72de297c081b8461424c94ddc279687

    SHA512

    8855c7874c8af4f55e678353f5bba9eec274e06e61fc72bd8ef9685dca3681f3d4de7a064f6dec416c220c249ed06e4def5bffba33ef309a6711bb5e4d7c1094

    Download Submit

  • memory/1952-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1952-3-0x0000000002100000-0x0000000002106000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1952-2-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1952-1-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1952-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4056-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4056-20-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4056-26-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download