Overview

overview

10

Static

static

10

2024-02-19...er.exe

windows7-x64

9

2024-02-19...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 05:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-19_a6045f83b2b9524b9f07487bfc7017ef_cryptolocker.exe

  • Size

    30KB

  • MD5

    a6045f83b2b9524b9f07487bfc7017ef

  • SHA1

    ce48251b1480c921f363308cc381c50ead76ec96

  • SHA256

    68aa37c3533154a3f9487728d775bf16fbc2ec48ef748b03fc61eb21be31648a

  • SHA512

    0d9650e031a87b13ef598686f0f4cd5f9cea343e9be2388c01c6247a95ad14f4e9425eba001e0f5c5094131e8029e0e51a657e0aec859b2f4d9f82160d3f6d77

  • SSDEEP

    384:bA74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUr766SJ5S+z/T:bA74zYcgT/Ekd0ryfjQRSnrjT

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-19_a6045f83b2b9524b9f07487bfc7017ef_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-19_a6045f83b2b9524b9f07487bfc7017ef_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    30KB

    MD5

    9e5c3cbb0836f8a20248b5e834aeeff9

    SHA1

    9aed582a85879b4f9d1386984206a633c72c6e45

    SHA256

    b35af51b98bd57f50e90287f322101e5ae12da9bb3766919c994b2d498abafc2

    SHA512

    c39ec65455ec42d99960e96585d6bb360f6fee446bafd6aa7796a87991133a25e3a0a36e89c2602dbac103a11a7b4e86cc03ada4caf583a307e527c50bc492e0

    Download Submit

  • memory/2060-0-0x0000000000200000-0x0000000000206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2060-1-0x00000000002A0000-0x00000000002A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2060-2-0x0000000000200000-0x0000000000206000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2876-17-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download