Overview

overview

10

Static

static

10

2024-03-11...er.exe

windows7-x64

9

2024-03-11...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 04:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-11_0d360891b9f53907f64da964e24ecee2_cryptolocker.exe

  • Size

    96KB

  • MD5

    0d360891b9f53907f64da964e24ecee2

  • SHA1

    1aa9ff77993d6bec308faefc6e5f857e34ba91c2

  • SHA256

    14d39ad620c56b9d6bcff61fb79d82c95a9dbc0b0fad8abfbb1e959e35e57744

  • SHA512

    4b3245a2fa55027b86e234a1c0d0fbd80685d47446d6253eade798f521cbcc8f8426c22af13c99f33d83283eddd4b29dc900843211df9a00df45b5a645b6d1bd

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNgp+G:V6a+pOtEvwDpjtz+

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-11_0d360891b9f53907f64da964e24ecee2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-11_0d360891b9f53907f64da964e24ecee2_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4460

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          96KB

          MD5

          70a695e378a8130cdc39abb896c5de4b

          SHA1

          fb5f9e2a08c0eb066e18b28029a5673fa3fe4a4a

          SHA256

          4e88b78f803ba3142d1119160550210473d75234f61e23c8111b0804fc2da5a9

          SHA512

          0884393ff754369e2ddb534d0b5bd2a7dd3d1da75e3853ac442bdb6a3c2dc8d7ee551d4c36c3cc79c4272cdd169f756df0a599003f3ed61d36a12c021942f959

          Download Submit

        • memory/1580-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1580-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1580-2-0x0000000002100000-0x0000000002106000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4460-17-0x00000000020F0000-0x00000000020F6000-memory.dmp

          Filesize

          24KB

          Download