Overview

overview

10

Static

static

10

2024-03-26...er.exe

windows7-x64

9

2024-03-26...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-03-26_d0d1d86d7238b16092656c74b4a21af8_cryptolocker.exe

  • Size

    38KB

  • MD5

    d0d1d86d7238b16092656c74b4a21af8

  • SHA1

    ce92f0358f9cc3b82d85459f7d007f79300f5d0e

  • SHA256

    863527bd80ada6ccb639d825996e851f7d5f27895cbc554ad67ac68f9a73dfda

  • SHA512

    525df8874c2c5b6cdda734c2f3babb9d8fbbc5c4ba38beb4c2f2c770180435a197c35bd74e18e6f785aeba5563ca42c74dd3188393ffc26a00f0abee4bb02aba

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLam5ax0:V6QFElP6n+gMQMOtEvwDpjyaYa+

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-03-26_d0d1d86d7238b16092656c74b4a21af8_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-03-26_d0d1d86d7238b16092656c74b4a21af8_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    38KB

    MD5

    428cd0ac8cec6ea4a6e16ae85f0604bf

    SHA1

    6e5a2729704ab13db56003003684a9df8b478c12

    SHA256

    639bda082b57a95e6388647204b847bdbf01548ffab9fa4ef3fcc09e69c26e99

    SHA512

    9805cafc4e453e932bf4c135b55944f66785ad0a4b616395540c97f3b5ba1761e7275df73dd0e1cbca78a827da11e0bdc7ddaed83511155768c9e0c5abcd8d50

    Download Submit

  • memory/2632-16-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2632-15-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2884-0-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2884-1-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2884-7-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

    Download