Overview

overview

10

Static

static

10

2024-02-28...er.exe

windows7-x64

9

2024-02-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-02-28_281469d4b30d71178ad6d00def56fc90_cryptolocker.exe

  • Size

    84KB

  • MD5

    281469d4b30d71178ad6d00def56fc90

  • SHA1

    9550185e485371298773887057e19e8d39ddd25d

  • SHA256

    cab2f4df0eed1aef3785366c879cde4f6383a583753554cdefaef431b27ed934

  • SHA512

    68af799a051139d8b9849c8cef977014f813192119dce64f3ac0aab50f6de993e745d91f4ac1aa80a713e937aaeaa8757131e1c3c7bdbc54c01f16af0ca6892d

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjyaLccVNlVSLQr:V6a+pOtEvwDpjvpZ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-28_281469d4b30d71178ad6d00def56fc90_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-28_281469d4b30d71178ad6d00def56fc90_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    84KB

    MD5

    14b7df63e17590e678658181fb957825

    SHA1

    69d147e9e9e931f482a7fffee4d2e7b70e05748e

    SHA256

    681f15b587e244e2477e306123fea1e7504263ce47f4840aa3868294da41250e

    SHA512

    a9f6f372d58d705dbc5031340f92fc79177b3359120ccef7f103659aaa9875bc3c0fa26168af37f18b15780044f403085bbedd2142c6c4afbf191834e08b96db

    Download Submit

  • memory/1776-17-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1776-18-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3012-0-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3012-1-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3012-2-0x0000000002070000-0x0000000002076000-memory.dmp

    Filesize

    24KB

    Download