Overview

overview

10

Static

static

10

2024-02-21...er.exe

windows7-x64

9

2024-02-21...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    21/02/2024, 11:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-21_9da8be0bdc10b2462d5bafb7ff2980fc_cryptolocker.exe

  • Size

    35KB

  • MD5

    9da8be0bdc10b2462d5bafb7ff2980fc

  • SHA1

    55adef05ad6b20b27068602d9611d6c8debf89cd

  • SHA256

    933a3b8a09320f9be9cab6067c9f56bec0ffb2357ba36332be5b1d8029b05723

  • SHA512

    14ab33b68c766ab711a297d7a55c101dc26d5ebb8246e4abc2a44b225cacba5d615d8dc3daba2cb291d0e9b41904fb95437af923667915f06a0d09e2fc526e81

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVajSKm5uhy7O4JQ:X6QFElP6n+gJQMOtEvwDpjBcSKm5uhw6

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-21_9da8be0bdc10b2462d5bafb7ff2980fc_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-21_9da8be0bdc10b2462d5bafb7ff2980fc_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2884

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          35KB

          MD5

          45528b2fd71a07c44b9c1c300545c068

          SHA1

          cf17f087f831b583dbcb6320f75f8db862459f3f

          SHA256

          1db6c67a0a17fbb45601ece046b7c9eb97dc4e6d612471042dc9d9edefe6236c

          SHA512

          5c31d7615d627f7a26ee0a7abd4054850b53f558c19f3c92b218b4feee9969d58f70896feabb45d2cea5cbb9115b5e21384e6c36a5d0b4ac8ea760ccc9156a78

          Download Submit

        • memory/2368-0-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2368-1-0x0000000000460000-0x0000000000466000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2368-8-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2884-15-0x0000000000280000-0x0000000000286000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2884-18-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download