Overview

overview

10

Static

static

10

2024-02-20...er.exe

windows7-x64

9

2024-02-20...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2024 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-20_0be75da12150ef1f543b46b127b6e5c2_cryptolocker.exe

  • Size

    41KB

  • MD5

    0be75da12150ef1f543b46b127b6e5c2

  • SHA1

    8012d75477cc8da8fff7b12c12aefee502e42de5

  • SHA256

    13af02c809fa00cc85cfdd700443d3ead7ec6df114ceb74e3bf32219d3d3cf62

  • SHA512

    8b747e672a9da8cb1787b1156121b9a5a57be8ec973ccf8efa8c065ab0c9bf7b3520eacf8610fdaa5a63ff9db2fcc645d7e3efeab8ffb175ff6a2a4603db69d6

  • SSDEEP

    384:e/4wODQkzonAYsju5N/surDQtOOtEvwDpjqIGROqS/Wcz0BVFHxzG:79inqyNR/QtOOtEvwDpjBKcmfxa

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-20_0be75da12150ef1f543b46b127b6e5c2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-20_0be75da12150ef1f543b46b127b6e5c2_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    41KB

    MD5

    3c7b66864f972c01765cf9c0711659a5

    SHA1

    01d2fb7c7e5db2e2cb889082611b8904a94b2c38

    SHA256

    a8d432182a0ac8980525906391f907ee4003664f1c4ed5063be7a08b21e72be6

    SHA512

    b64bfc44361c94e1797a6d8a0e6b0b6a6d314c60934cb855db0e14d510e65fea1412377f6d172af33c6103e73f6ae59b767cd1388983bdc331d742ce0a1a0370

    Download Submit

  • memory/2416-19-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2416-20-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2416-21-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4588-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4588-1-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4588-2-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4588-3-0x00000000021B0000-0x00000000021B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4588-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download