Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-02-2024 15:49

General

  • Target

    2024-02-22_bbcd76f68ab979efa9465002be024e84_cryptolocker.exe

  • Size

    88KB

  • MD5

    bbcd76f68ab979efa9465002be024e84

  • SHA1

    5c5928195be5acbb54bae432964d53296fb35f5d

  • SHA256

    688a47c5c159f2227cf9dd173686f028151c7de9c94a2c08247e776edfe269a7

  • SHA512

    6b0071ebc10696f6ee01e53c6b6b8f60683666204decc6e700d128214ac50f6669015822625584a0f684f5d6adfb3d69e058000124de186233113aa2ce0a4cee

  • SSDEEP

    1536:qkmnpomddpMOtEvwDpjJGYQbN/PKwMgSm:AnBdOOtEvwDpj6zn

Score
9/10
upx

Malware Config

Signatures

  • Detection of CryptoLocker Variants 7 IoCs
  • Detection of Cryptolocker Samples 7 IoCs
  • UPX dump on OEP (original entry point) 7 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-22_bbcd76f68ab979efa9465002be024e84_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-22_bbcd76f68ab979efa9465002be024e84_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    19KB

    MD5

    b5948c86c81580c8c779c29b10834a26

    SHA1

    b6f8608bb836ac0b6caa2b9a3e4eba8b48249314

    SHA256

    b318fb635c3008e7ea6eca1f529160d2856fd0a8acc534c17cf2f85b57427a34

    SHA512

    55dc4e98058c4fc8cace53bba3f78c73938c9275e8d2c5fdb37b4d8cf46c5bfd2860c123fe5785c9b17eeb8933bc3edb0dc80b4c4156f1172351720bfd0909cf

  • \Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    88KB

    MD5

    6dfc8eefd021a886ce5f2a891b8ef8b0

    SHA1

    0c85d9792c3f2336e75f8caf4ce7f15959504a13

    SHA256

    138b32ea9f88041e29917f44c2d5932e2d22e4da040d35df977663153fbb83e5

    SHA512

    41e63c4068f03cce4f2e12c2b07b2e0bdfafc9a24ce993f5d3a3b91b1daa03ec1eb554542b5fb243df2bce8e9cbe41411fce0b5ec87a0edaad3b7c9d682084cf

  • memory/2764-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/2764-1-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

  • memory/2764-2-0x0000000000470000-0x0000000000476000-memory.dmp

    Filesize

    24KB

  • memory/2764-3-0x0000000000440000-0x0000000000446000-memory.dmp

    Filesize

    24KB

  • memory/2764-13-0x0000000002800000-0x000000000280F000-memory.dmp

    Filesize

    60KB

  • memory/2764-15-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/3064-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

  • memory/3064-20-0x0000000000200000-0x0000000000206000-memory.dmp

    Filesize

    24KB

  • memory/3064-19-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

  • memory/3064-27-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB