Overview

overview

10

Static

static

10

2024-03-12...er.exe

windows7-x64

9

2024-03-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-12_9ebdeb976913506446ef74506154cb78_cryptolocker.exe

  • Size

    60KB

  • MD5

    9ebdeb976913506446ef74506154cb78

  • SHA1

    7f290da526869ac215693df3daf48af10cb8074f

  • SHA256

    86d6705000616ad093e99144b15eef56f92366c8ae8a768c674b0d342bbbc50a

  • SHA512

    abe0657c315dfa499aff126d04b9e8b6efdd8669d58bc2977bfc57a7359e6f3fbc2bc4ac57cffb698fb5bb3e68c731fbdfd59a578a5606dfaf37aac1fe6cd13a

  • SSDEEP

    1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb614n:BbdDmjr+OtEvwDpjM0

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • UPX dump on OEP (original entry point) 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-12_9ebdeb976913506446ef74506154cb78_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-12_9ebdeb976913506446ef74506154cb78_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    60KB

    MD5

    7d11f2446cad7bc478f51e4a739ce09f

    SHA1

    1c937829572f3c882f8f1ad6d207c7ac14b7a027

    SHA256

    0a5d6bf18c07310dfd90652194294d3d5f703bb6702bcced276e6179f1cb17a6

    SHA512

    c42da4464f85ed289d8bf56aaa32b227a59a362ff5f9998fe6f5e1b1e8138210f5fa4004ea662be41a59415b78bd9a64677a6fa4dc46c382f83b060a61e40a17

    Download Submit

  • memory/2040-1-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2040-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2040-3-0x0000000000320000-0x0000000000326000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2040-2-0x0000000000460000-0x0000000000466000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2040-15-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2040-14-0x0000000002840000-0x0000000002850000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2040-28-0x0000000002840000-0x0000000002850000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2376-17-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2376-19-0x0000000000470000-0x0000000000476000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2376-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2376-27-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download