Overview

overview

10

Static

static

10

2024-03-14...er.exe

windows7-x64

9

2024-03-14...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    162s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 11:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-14_e389184ba8d19604617a919507fad185_cryptolocker.exe

  • Size

    54KB

  • MD5

    e389184ba8d19604617a919507fad185

  • SHA1

    9101c081493e5ca026b63776f221c25055ea088d

  • SHA256

    17d189abfae86603969eab076b2d8e018ac685ae8131ac882db0f6f6d82d6bfb

  • SHA512

    b77804ecfd041bd7abf6219660f1d358d64f4dbe2cd24abf1516796d8754fb4522dfd1e655a925283cec8264760852639275615101256af35ad035b146520505

  • SSDEEP

    768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylSV/CCjgua:79mqyNhQMOtEvwDpjBPY7xv3g8Oz

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-14_e389184ba8d19604617a919507fad185_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-14_e389184ba8d19604617a919507fad185_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2612

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          54KB

          MD5

          453243290f4ac600a5e106dace5572d2

          SHA1

          5f89cd20f6c8f66dfc89e32f4d02cacd72ec96ed

          SHA256

          019d9ef2f9e684ba84fb4c900aff938180b4e3ee4d308f07a827ac75fb004293

          SHA512

          cae7151464276aedb4ece21bdfadd08f0f5d17e127721f40d34cb48c6508f45e19e79a93b41b243f4cd2aff09b8d0b93208a6ebe9686eed6649940352c3e0375

          Download Submit

        • memory/2612-17-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2612-19-0x00000000002B0000-0x00000000002B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2984-0-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2984-1-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2984-2-0x0000000000300000-0x0000000000306000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2984-9-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2984-12-0x0000000002480000-0x000000000248F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2984-16-0x0000000000500000-0x000000000050F000-memory.dmp

          Filesize

          60KB

          Download