Overview

overview

10

Static

static

10

2024-03-26...er.exe

windows7-x64

9

2024-03-26...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 22:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_62b66cc25d48efd37b46407d327219a9_cryptolocker.exe

  • Size

    61KB

  • MD5

    62b66cc25d48efd37b46407d327219a9

  • SHA1

    3bc983615344626fc4ab6ac67858af7f8252acb3

  • SHA256

    529c384dcf703a815e98bab302202a129ce484c3e788d0576feae5409b032759

  • SHA512

    86d824a779d7d8de14f5b520897a935cad4bbbc161c2cfa69533feeb79b2f4509d61f7ae5388b51a91ce2ff143a0f1982c57b81d111104daab03521069a53f6b

  • SSDEEP

    1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb614A:BbdDmjr+OtEvwDpjMj

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 6 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • UPX dump on OEP (original entry point) 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_62b66cc25d48efd37b46407d327219a9_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_62b66cc25d48efd37b46407d327219a9_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1948

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          61KB

          MD5

          0019a7cdfa8ae6a064f1b2cc359c5772

          SHA1

          eb1b830e58fa087068a6773048eaa648ea9ea78c

          SHA256

          a44ca6339d9b1567218ccd837e7885500bdda5ca5045e6d0a53a7ccf9b5e266b

          SHA512

          fc5375a62820fdeb69a928f31989bf0b142d9f3da4115082f2ac1a172737bb86c73c877d034cbe33145327c8c695001a18fc0a1a3379d80c118f4fae9daa83f3

          Download Submit

        • memory/1948-17-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1948-19-0x0000000000470000-0x0000000000476000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1948-26-0x0000000000240000-0x0000000000246000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1948-27-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2488-0-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2488-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2488-2-0x00000000006C0000-0x00000000006C6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2488-9-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2488-15-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2488-13-0x0000000002BC0000-0x0000000002BD0000-memory.dmp

          Filesize

          64KB

          Download