Overview

overview

10

Static

static

10

2024-03-12...er.exe

windows7-x64

9

2024-03-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 10:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-12_4bd112d363fe954a0e9d7fea46d82eda_cryptolocker.exe

  • Size

    48KB

  • MD5

    4bd112d363fe954a0e9d7fea46d82eda

  • SHA1

    2b0226e3d418bee6c2c90b99a6655b0445898dcf

  • SHA256

    589810ad7a34900001932972f5e694873e70c60c4895dc0e78bd44da4cb40197

  • SHA512

    abd6c6c33d85152ebb866b693d728b9c6593bbf6f7f1a62e5a8712f9afdef9f08f63f2dad89677a3aab8bc98e45a33e5315ccc0760929d09bc2c949398fe8f3b

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3wwsr0JJc:X6QFElP6n+gJQMOtEvwDpjBD/

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-12_4bd112d363fe954a0e9d7fea46d82eda_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-12_4bd112d363fe954a0e9d7fea46d82eda_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3684
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    48KB

    MD5

    499900799be8c4f6319df8f2e05749a9

    SHA1

    7d73e451a28fdc268f5a4a97ce75d3ed66fadf20

    SHA256

    700de88408afffd5763ca63818583ea39f129dc265718399abf2707d72e486a3

    SHA512

    221ad153099cc00758a09fd607dd64125f8028d40dbf84516789687fc8a263a9948378edb54bf9b0f4e25fe2104266e778f5b45b1b5ceb49999637d47ac08cd9

    Download Submit

  • memory/836-17-0x0000000002100000-0x0000000002106000-memory.dmp

    Filesize

    24KB

    Download

  • memory/836-20-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3684-0-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3684-1-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3684-2-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download