Overview

overview

10

Static

static

10

2024-03-26...er.exe

windows7-x64

9

2024-03-26...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 23:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_4d4e7044716e2ac47e0e75b14445d02a_cryptolocker.exe

  • Size

    74KB

  • MD5

    4d4e7044716e2ac47e0e75b14445d02a

  • SHA1

    c38cb3abfb1a98b15ddf2cbc324338c7cda4ce18

  • SHA256

    43610cd9d3668991734e07da2801f68a708a2cbcc3e37b65a25ef9630abd7463

  • SHA512

    e2096b78b3168e7f9739a2c0c4a079027d360df1d708baf32e8227d35d01485a9b013c8c04e14c347bb02e01e64726f71f320e168e3c5ce8974a9018b98f31e1

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1sd:X6a+SOtEvwDpjBZYvQd2y

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_4d4e7044716e2ac47e0e75b14445d02a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_4d4e7044716e2ac47e0e75b14445d02a_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:684
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4848

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\asih.exe
            Filesize

            74KB

            MD5

            9502ab9a16e6713693f24e1d3a3c48e1

            SHA1

            fcbb60ff294d0dbf0911f62da364e37ce4e99931

            SHA256

            ec0668f8e6995a8ecf3ae7a9254b836717c96d1c6c5ec4aa737bb34bcf0027c6

            SHA512

            bc7ee35d07312268771b983444ba479aeac505090abd6267083bfec288df16ae98cb171a4977b1442a974315609d58a3ade5c47bad135638e3c700b2f7e74d14

            Download Submit

          • memory/456-0-0x00000000005E0000-0x00000000005E6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/456-1-0x00000000005E0000-0x00000000005E6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/456-2-0x0000000000610000-0x0000000000616000-memory.dmp

            Filesize

            24KB

            Download

          • memory/684-17-0x00000000005C0000-0x00000000005C6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/684-18-0x00000000005E0000-0x00000000005E6000-memory.dmp

            Filesize

            24KB

            Download