Overview

overview

10

Static

static

10

2024-02-17...er.exe

windows7-x64

9

2024-02-17...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    17/02/2024, 23:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_d1abcd90da09ab6cd0af47bbd22d5675_cryptolocker.exe

  • Size

    44KB

  • MD5

    d1abcd90da09ab6cd0af47bbd22d5675

  • SHA1

    67c6650776f408243a1c172c641039a3eeb25ff7

  • SHA256

    7675ac27c8bb7ff016a734210c004ff040183704179d954679faa3721ac75105

  • SHA512

    0d6933c6620d28c2a47ee01dea8c7abbd8b3c2a4c9bda441a1a6c12e9d487643cf85c46b0335a9d8e613b9327c15f4243df62feff86a525753488a3dc0f1cd5a

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6j4AYsqSh+DETkedm+YUS5I7xt:YGzl5wjRQBBOsP1QMOtEvwDpjl39+D+P

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_d1abcd90da09ab6cd0af47bbd22d5675_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_d1abcd90da09ab6cd0af47bbd22d5675_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1884

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          44KB

          MD5

          44f5f54417aa97b4146c502a9b766460

          SHA1

          6fa06ae526fd79c47b7ee68cb488749928bd95a4

          SHA256

          e76108bb9c51dd1698ff7dbe99b86a93b6d0cd2e4f60f34382b322edd72e89d9

          SHA512

          49476be5be1a6a1d8556e504ebc77545a849741f11e8bc25e96611c93bcfff45f670815f6aac936199fa951e89f7c0e85900d62fcc301e06c075472ed9749f7c

          Download Submit

        • memory/1884-17-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1884-18-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1884-19-0x0000000000270000-0x0000000000276000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2224-0-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2224-1-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2224-2-0x0000000000450000-0x0000000000456000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2224-4-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2224-16-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download