Overview

overview

10

Static

static

10

2024-02-21...er.exe

windows7-x64

9

2024-02-21...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2024 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-21_34bfdb72357d118c1b43c1a72d8a7c87_cryptolocker.exe

  • Size

    82KB

  • MD5

    34bfdb72357d118c1b43c1a72d8a7c87

  • SHA1

    ef57714b130de255b34dd0c8b2329685268d1b2c

  • SHA256

    c559291d004110ee47376601362a934e61892dc3d64147dcae11161323944737

  • SHA512

    f72a128b27e77d03ea095f2e896b6cb0f25559de98192975b892f61093574080bd4e0b8fa66bb04c61c2307a8f9afe4a0dd644d08664035af254ed65e5eee070

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPtNw5CS95yFPnM:V6QFElP6n+gMQMOtEvwDpjyaLccVNlW

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-21_34bfdb72357d118c1b43c1a72d8a7c87_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-21_34bfdb72357d118c1b43c1a72d8a7c87_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    82KB

    MD5

    8f24b38a54d440d82f7ac843e6d4416a

    SHA1

    7c7336ede900d6f807d24a24eb7fbeae588f1bdc

    SHA256

    32cf1d6ad9922de1bbd615784446a5a9ed2d47f79076d7ed0230cdcd8bf9371e

    SHA512

    5398761fdd3dad34debdd636879c236f8a6b5be8f83b5960f456e9732e8eb875c96c76eb258766f1ae4535406d1f40954bfdae53164bca2fda29daeaf39a9976

    Download Submit

  • memory/2228-17-0x0000000000650000-0x0000000000656000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2228-18-0x0000000000620000-0x0000000000626000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4932-0-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4932-1-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4932-2-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download