Overview

overview

10

Static

static

10

2024-02-17...er.exe

windows7-x64

9

2024-02-17...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/02/2024, 20:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-17_6957c0c213d3a3dbf286d94b92a4ee28_cryptolocker.exe

  • Size

    44KB

  • MD5

    6957c0c213d3a3dbf286d94b92a4ee28

  • SHA1

    6aeab05ba777e3564772570f5ee05be90fc8f035

  • SHA256

    713f86158186fa6daabfbc64358c033b2ba1a03ad5967fa6c77710ad1db13247

  • SHA512

    a9ae2212a3f477e135b998f08621abe3590cafb163869a0a4ef8928599d04c478d4426c16b050e5c57a22935b16cdc01afc29ac7e2296d1e2565d876e03041b3

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6j4AYsqSh+DETkedm+MyM:YGzl5wjRQBBOsP1QMOtEvwDpjl39+D+o

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-17_6957c0c213d3a3dbf286d94b92a4ee28_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-17_6957c0c213d3a3dbf286d94b92a4ee28_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:324
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1516

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          44KB

          MD5

          45afde454c1237c388702dc3d8dde0ef

          SHA1

          0379b87d41866ef06e9f219ce763f9d8efce266e

          SHA256

          239482f897b1739fb03094e70ba60e4213dcf3a58f22a6e7148214da8994dbec

          SHA512

          de57a2ee02d781b419c01f8443e6f8477c08eed4f3ab904464e6983f1ec6958e9383ecbcbe3cc6fa301c6ea04e826719d0cc906c31290e4996ce9b6031cd97e2

          Download Submit

        • memory/324-0-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/324-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/324-2-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/324-3-0x00000000004F0000-0x00000000004F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/324-18-0x0000000000500000-0x000000000050B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1516-20-0x0000000001F50000-0x0000000001F56000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1516-19-0x0000000001F70000-0x0000000001F76000-memory.dmp

          Filesize

          24KB

          Download