Overview

overview

10

Static

static

10

2024-02-27...er.exe

windows7-x64

9

2024-02-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/02/2024, 20:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-27_9700e868d576d333680a02e44fd39f07_cryptolocker.exe

  • Size

    48KB

  • MD5

    9700e868d576d333680a02e44fd39f07

  • SHA1

    1997e168801e634337810e152ddd76c1379d4892

  • SHA256

    1f5df789cad74156fbcbd3f22c30a49e4f1ef4706c9e1ef7d1c509931817c3ce

  • SHA512

    d7e2ef78c7bb4edf1926ffdac62d411f2b8801bc8a11486ffe37aefece40ba56213f1f8af14e5f07eb9fdce15fd45fc987e3ea5acc5a6d4008e4289773c4a84c

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaEqbIu55id3AMWZo:X6QFElP6n+gJQMOtEvwDpjB0GIWiWLC

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-27_9700e868d576d333680a02e44fd39f07_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-27_9700e868d576d333680a02e44fd39f07_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2156

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          49KB

          MD5

          9a9e99c6ea461f5d0c6cd8a98ceaf8d3

          SHA1

          eb01996ec25aa59bfa304532aacbf9147e971127

          SHA256

          7c02f465afafd000dd403ce241e4a658b9f6b0518b456a45dc0b87bfb0095b0a

          SHA512

          7d04896f2f6409768a2eb8e44badfbc628ab25abc016af41d898d76f7fec751a4f92599142bccb4b388ab2e807ec488cede73633a1ad08dc21e7125e9fb08927

          Download Submit

        • memory/2468-0-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2468-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2468-2-0x00000000004F0000-0x00000000004F6000-memory.dmp

          Filesize

          24KB

          Download