Overview

overview

10

Static

static

10

2024-02-04...er.exe

windows7-x64

9

2024-02-04...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 03:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-04_3008af2db87440e03f2ead4c69547c55_cryptolocker.exe

  • Size

    73KB

  • MD5

    3008af2db87440e03f2ead4c69547c55

  • SHA1

    930cffac1a44008c02f64c26c8ab8198dd8f89f1

  • SHA256

    d842f72f58f97ed48034e1e7e26eecb15b1751e961df2221fc160d786f8e9a8d

  • SHA512

    817c65b4bee01909099b2ec0391bad53cd0984957a551b8e2b67beabde6d4cb778a1e9ad166b4bde591368c8c87750c01d4ad1a39fdd77392a32b550a44aa203

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1sy:X6a+SOtEvwDpjBZYvQd2N

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-04_3008af2db87440e03f2ead4c69547c55_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-04_3008af2db87440e03f2ead4c69547c55_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2316

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          73KB

          MD5

          d9379cfc8f793e46be002962f5c7d94d

          SHA1

          37c2e6c4d648a32819a85313765d868a7bf00ca3

          SHA256

          6712bb66cab021beab9342c7d1b5b292503f8ae66f48d993fa7348175f2c98ff

          SHA512

          9d7fc8b00b474b3f118e120ae8d93d787c8246f6a7ba5363917fe662849ff8b537e88855d18daf1e739a4877a6fc358960a9eb79201e450ba8da029784df2849

          Download Submit

        • memory/2316-15-0x00000000005F0000-0x00000000005F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2316-17-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3056-0-0x0000000000300000-0x0000000000306000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3056-2-0x0000000000300000-0x0000000000306000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3056-1-0x0000000000340000-0x0000000000346000-memory.dmp

          Filesize

          24KB

          Download