Overview

overview

10

Static

static

10

2024-02-22...er.exe

windows7-x64

9

2024-02-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-02-2024 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-22_217439cd75149697c1ef3a69ce38b004_cryptolocker.exe

  • Size

    89KB

  • MD5

    217439cd75149697c1ef3a69ce38b004

  • SHA1

    95dd8c45f8ed14c46987f9574fad74aea5bd9223

  • SHA256

    8efd203cb756c7fd4f09e8a1624a55a1306d15d746a4661a620d29ac52f0fc0d

  • SHA512

    64726fb3648d9ddda615db99acb2f10705462cfcdee87a0108b1c442e2bf473734fe70843043c21ce6ddc2b73429958dca7eaf513c90da8caad6fabf3fe19c6f

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwMgV:V6a+pOtEvwDpjtzR

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-22_217439cd75149697c1ef3a69ce38b004_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-22_217439cd75149697c1ef3a69ce38b004_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    89KB

    MD5

    11009f35b07ed062f80b21a01dacebb1

    SHA1

    94a5df7fc497e6f330a026a840a3de7a4594a618

    SHA256

    d0fa91c641ecf10f7224ae877ed60cbe15329a4e20390cac01c7a7e77e0c3b50

    SHA512

    2b1a748b3c881e766ffb5ed36578c42a5a6c685f618c8c36f904ca7e31019708a59d727e435acb30477be97b21a416a502b7c7e28a184b2872944bcd65b899a2

    Download Submit

  • memory/1076-17-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1076-19-0x0000000000640000-0x0000000000646000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1532-0-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1532-1-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1532-2-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download