Overview

overview

10

Static

static

10

2024-02-25...er.exe

windows7-x64

9

2024-02-25...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 13:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-25_61111689c70a97544469420643d72234_cryptolocker.exe

  • Size

    103KB

  • MD5

    61111689c70a97544469420643d72234

  • SHA1

    b301fa4b9885df8893d61033f95dda682f426750

  • SHA256

    a53f6471c3ac92dde40cbd3b0494c78aff214baf236f40389c311cdbda74a365

  • SHA512

    70cd7e2f6dd2f856c8bad4fc9c1f9895bd7ae9acafa498a38f0e695cddc0c059aa26592a940c8db2a15d3f78cea4fb03ccd2d13b8b801f7ce7cc70139e61e854

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNgpwqWsvikv:V6a+pOtEvwDpjtzK

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-25_61111689c70a97544469420643d72234_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-25_61111689c70a97544469420643d72234_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3040

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          103KB

          MD5

          09709a103272f7b8b40beb469f81782d

          SHA1

          ff29358f245962089647cba626cb5af36e0752ea

          SHA256

          fb18b111f35d1ac13f4dfdd5627842f88ced18dc63dc8574477a261af5681e4b

          SHA512

          653c8419ea9ceccdacc25852711bd79fc968a8cad9c2fcd45c50bd956ecf1c6294d7e9e46f84db07d1c1df868c171bafb3e5903db2a1dd23734b6f598a022e78

          Download Submit

        • memory/1924-0-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1924-1-0x0000000000270000-0x0000000000276000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1924-5-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3040-16-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3040-15-0x0000000000370000-0x0000000000376000-memory.dmp

          Filesize

          24KB

          Download