Overview

overview

10

Static

static

3

e256554751...d4.exe

windows7-x64

10

e256554751...d4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-03-2024 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e256554751f567643b949445307bbbd4.exe

  • Size

    404KB

  • MD5

    e256554751f567643b949445307bbbd4

  • SHA1

    a3ec05323d9c7ed51868615f46449818dd69201c

  • SHA256

    6b14c5898323db58c5ff44149f65fc99b04924ba76dac72c18872e53d4829af9

  • SHA512

    a1dfafb2a9229e42e30a794cac4bcc89e7007487b93d262779f1f076c80c7d0752fc910e7bc3ceee70443902cc169b3dc835cb02267ca8490620fa7ebf1bab5e

  • SSDEEP

    6144:HWmw0EuCN0pLWgTO3x5N22vWvLRKKAX5l++SybIvCGJdZ3:HWkEuCaNT85I2vCMX5l+ZRvJdZ3

Score
10/10
cryptolockerpersistenceransomware

Malware Config

Signatures

  • CryptoLocker

    Ransomware family with multiple variants.

    ransomwarecryptolocker
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e256554751f567643b949445307bbbd4.exe
    "C:\Users\Admin\AppData\Local\Temp\e256554751f567643b949445307bbbd4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\AppData\Local\Temp\e256554751f567643b949445307bbbd4.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
        "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000021C
        3⤵
        • Executes dropped EXE
        PID:1980
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      Filesize

      404KB

      MD5

      e256554751f567643b949445307bbbd4

      SHA1

      a3ec05323d9c7ed51868615f46449818dd69201c

      SHA256

      6b14c5898323db58c5ff44149f65fc99b04924ba76dac72c18872e53d4829af9

      SHA512

      a1dfafb2a9229e42e30a794cac4bcc89e7007487b93d262779f1f076c80c7d0752fc910e7bc3ceee70443902cc169b3dc835cb02267ca8490620fa7ebf1bab5e

      Download Submit