Overview

overview

10

Static

static

10

2024-02-12...er.exe

windows7-x64

9

2024-02-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-12_737ee7c94311229e69b7103add38ada8_cryptolocker.exe

  • Size

    60KB

  • MD5

    737ee7c94311229e69b7103add38ada8

  • SHA1

    ad9b14f4754c7323aa8c76eccb43ec7a30f564c9

  • SHA256

    d6702faea4418978d5be50598542b8c6a54919bae074fd5fbf91e1545c1118ff

  • SHA512

    22a1a6e8f55ea064ef900225275452478c87cb0ce1de4fde57592154323dbbc1b90e4f7cf818456c795bade2017edf5f1ae04d2bd29c170f7b081f3802669f4d

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBccD2RuoNmuBLA+Nb:X6a+SOtEvwDpjBrOL

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-12_737ee7c94311229e69b7103add38ada8_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-12_737ee7c94311229e69b7103add38ada8_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3496
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    60KB

    MD5

    ef2496cf653b653c0e4395c46d1b5163

    SHA1

    1c80f80e3cb58cdca5962652536ca2ece7d3cd05

    SHA256

    e6a9fbad477fb105f8c0d63530e97ae43d6609c978e1360cfe09d68acdf56f84

    SHA512

    c38fa3a639ebfe5f5b2fe99f76724d3ec2343d388725f005fc721b31ac43f5e79cb012c950537435cacf22eca42bef97b99bdd809451d304cff5abc65aa8f28e

    Download Submit

  • memory/3496-0-0x0000000000520000-0x0000000000526000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3496-1-0x0000000000520000-0x0000000000526000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3496-2-0x00000000021B0000-0x00000000021B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4352-19-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4352-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download