Overview

overview

10

Static

static

10

2024-03-05...er.exe

windows7-x64

9

2024-03-05...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 23:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_701b8cf594e9e8cb6f8bfe9d9a00aa7f_cryptolocker.exe

  • Size

    74KB

  • MD5

    701b8cf594e9e8cb6f8bfe9d9a00aa7f

  • SHA1

    634e3f47dfa12a7fb4e7c8434be6677f0f241105

  • SHA256

    f4b3f6e3ae775ee8f5955acdf5e25faf5592ada72b965cf2889a5216335f1e9b

  • SHA512

    c4072f0314eeb81c06863ecf4da8c39af6430bd7acc3265fb59a9c602815d2dff7bb4743dd6a313553ce3eeccc7d398bee187bdb8986334310f3d85a38958ff7

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1RYF:X6a+SOtEvwDpjBZYvQd2c

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_701b8cf594e9e8cb6f8bfe9d9a00aa7f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_701b8cf594e9e8cb6f8bfe9d9a00aa7f_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    74KB

    MD5

    96313e2178ee70c14b1484c7b0cfd883

    SHA1

    3043a1c5f4d7f1b64498a3e26c24327c4351914d

    SHA256

    397751b0df2b523640b79f3bb7f6c1f3ea3fb4f8de58e649e1a341be5eabb319

    SHA512

    804893da7347a991a4e95bf4b4690e1d7a320f55ee22f2d716acc078e1af142acef9bfbd14237f74cce0f2d7d62b3da54b860b6788d48255dd28db4f7b02bf3d

    Download Submit

  • memory/1372-17-0x0000000000750000-0x0000000000756000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2872-2-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download