Overview

overview

10

Static

static

10

2024-02-17...er.exe

windows7-x64

9

2024-02-17...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    17/02/2024, 19:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_efd8665c40d6a46e2a93b1e67fa9ed61_cryptolocker.exe

  • Size

    88KB

  • MD5

    efd8665c40d6a46e2a93b1e67fa9ed61

  • SHA1

    253dc199ceec1cb400928dfaf379dc84ff85609a

  • SHA256

    99ca22f4cc833f785c425efde045514f4b70586641a80650304db2eafc81ffb0

  • SHA512

    e43e3c5b66c1cf6df1c96910ed906412c08e34ec75494cb5669783da1129bf053dbc8c5c25162f4905d373b7807737939f94d1f46a35272a72c3590e51944ffb

  • SSDEEP

    1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwMgLZ:AnBdOOtEvwDpj6zh

Score
9/10
upx

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • UPX dump on OEP (original entry point) 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_efd8665c40d6a46e2a93b1e67fa9ed61_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_efd8665c40d6a46e2a93b1e67fa9ed61_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2676

Network

  • flag-us
    DNS
    emrlogistics.com
    asih.exe
    Remote address:
    8.8.8.8:53
    Request
    emrlogistics.com
    IN A
    Response
    emrlogistics.com
    IN CNAME
    traff-5.hugedomains.com
    traff-5.hugedomains.com
    IN CNAME
    hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com
    hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com
    IN A
    34.205.242.146
    hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com
    IN A
    54.161.222.85
  • 34.205.242.146:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 54.161.222.85:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 34.205.242.146:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 54.161.222.85:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 34.205.242.146:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 54.161.222.85:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 34.205.242.146:443
    emrlogistics.com
    asih.exe
    152 B
     3
  • 54.161.222.85:443
    emrlogistics.com
    asih.exe
    52 B
     1
  • 8.8.8.8:53
    emrlogistics.com
    dns
    asih.exe
    62 B
     192 B
     1
    1

    DNS Request

    emrlogistics.com

    DNS Response

    34.205.242.146
    54.161.222.85

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    88KB

    MD5

    3c657765ee8a7bbd6900bf1b616f2221

    SHA1

    3438d991fff5a17b0b57ddef454ea256a070d68c

    SHA256

    9e4ba842049e10e380766098ef0e593e54fb189255710633c6b504642641357f

    SHA512

    c12ea13f0371c099d139c9ae68d64bdf5d5c280b09fae33b25ba6eb55ab34e76d9406ac8e299fcebae8ae47df63104f48995f79b35765b60fa863fcacb2b0e06

    Download Submit

  • memory/2380-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2380-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2380-2-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2380-4-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2380-15-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2676-16-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2676-18-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2676-24-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2676-26-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.