Overview

overview

10

Static

static

10

2024-02-17...er.exe

windows7-x64

9

2024-02-17...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-02-2024 07:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_db2e85404fec0cd1cf220b37c9790158_cryptolocker.exe

  • Size

    74KB

  • MD5

    db2e85404fec0cd1cf220b37c9790158

  • SHA1

    01cc71ee55884e31cca7db51cc169a60e6e322c1

  • SHA256

    2aeb2212966af127ea36c8c7381493fb89725ae90d8d69a0f016ed97c927e7a5

  • SHA512

    fbe9283e5c5567d25c1e1bedd54629787b3e6f8513e9e324f6c0d5e0447d7885192c93630b3405f128816c4bb0087f40a7d083a012a3654262450bdff9c202fb

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1co:X6a+SOtEvwDpjBZYvQd2L

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_db2e85404fec0cd1cf220b37c9790158_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_db2e85404fec0cd1cf220b37c9790158_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    74KB

    MD5

    98bb3f1615a87f8b3b46272108158012

    SHA1

    b327c613c358e116f356a26712c109de70359f46

    SHA256

    4252d18546fe2844574c342fccc44703113f123a42027ae86cd3c03ce724d535

    SHA512

    076a9cf5dd28af15add5e76ed029dd7f641580b77190fb520c0bf289bdb9b5d991336ff7388730fbaa215164c1a92f529e930e8016c03f9ffa72d6fa88bb9a05

    Download Submit

  • memory/4172-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4172-22-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-0-0x0000000002190000-0x0000000002196000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-1-0x0000000002190000-0x0000000002196000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-2-0x00000000021B0000-0x00000000021B6000-memory.dmp

    Filesize

    24KB

    Download