Overview

overview

10

Static

static

10

2024-03-05...er.exe

windows7-x64

9

2024-03-05...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 16:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-05_2abd82b8ab38009133eaa7152a8ca526_cryptolocker.exe

  • Size

    46KB

  • MD5

    2abd82b8ab38009133eaa7152a8ca526

  • SHA1

    21cd60800c62e4af8a9ff3eac41d06f77a6270c7

  • SHA256

    8fb7d7ef007bfe072a643b0cfa64284675eb02fb6625fce29e9944af41647705

  • SHA512

    595c8e08505101bc23d5634d50bcabfdee25bd7cd4baf324f614d767d4054e29d51b54def64cbac925417c659abb8ea0aae9943e82e13f9ec56d5a5b98677a94

  • SSDEEP

    768:qmOKYQDf5XdrDmjr5tOOtEvwDpjAajFEitQbDmoSQCVUBJUkQqAHBIG05WTB+:qmbhXDmjr5MOtEvwDpj5cDtKkQZQ6U

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • UPX dump on OEP (original entry point) 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-05_2abd82b8ab38009133eaa7152a8ca526_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-05_2abd82b8ab38009133eaa7152a8ca526_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    47KB

    MD5

    8e6d35c3edb3a59d2dc182dd7bb7d206

    SHA1

    da7b66eaa46451972f446a4c8a2b61cbd8a9829a

    SHA256

    cd3196d826d1f7a0e43ce2510102d33c0594391aefe6e56c2c4244a4eca26dae

    SHA512

    e456c1b43a752e09f1b59ff4afeb38806d1b9e76e207f69f7af41ac1da7cf9ca617b9b3b99372eeed6c4a9b53defd3ad182a4d5f46d3a4dc95493c285c0a2cc0

    Download Submit

  • memory/2020-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2020-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2020-2-0x0000000000330000-0x0000000000336000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2020-9-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2020-15-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2468-16-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2468-18-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2468-20-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2468-26-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download