Overview

overview

10

Static

static

10

2024-02-12...er.exe

windows7-x64

9

2024-02-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2024 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_4e19ca07bc1e6582db3b9e49c8d49d81_cryptolocker.exe

  • Size

    36KB

  • MD5

    4e19ca07bc1e6582db3b9e49c8d49d81

  • SHA1

    590d339d2f6d95c5672144815c2f2f9f2a7ae594

  • SHA256

    e0fefb76f1251651d459648025a6ef32c0dc6708bb9ed510baea803f61504d69

  • SHA512

    78b78800d7c9925846353ce3d54c10fed97a19100f50af31cd6a729dfe123aa0e0a04c7ea031fe26a9cab71d2aaac017766ded590e714e2d12b1f5f5bae965a3

  • SSDEEP

    384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf0w3sp8u5cZnr:bgX4zYcgTEu6QOaryfjqDDw3sCu5i

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_4e19ca07bc1e6582db3b9e49c8d49d81_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_4e19ca07bc1e6582db3b9e49c8d49d81_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    36KB

    MD5

    fa034a0ff77c775c3a90dd83a2e5e81f

    SHA1

    8a09b06dc4e228fa47cb273f8fc6c4052db4c996

    SHA256

    f7e333041d7236c499b5a5eb288225fcab609d65393a8c4905200c199d6f326a

    SHA512

    242c02038cc641ee9215f1ef0d1e959f0a647644660d1560699742f29099d8572afcee20206b271615b9054e26932fa3ff659b6a4db7f63aff2bd7f48fc2f07b

    Download Submit

  • memory/2332-0-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2332-2-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2332-1-0x0000000000420000-0x0000000000426000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2712-15-0x00000000004A0000-0x00000000004A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2712-22-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

    Download