Analysis

  • max time kernel
    1s
  • max time network
    6s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05-04-2024 06:38

General

  • Target

    2024-04-05_be95890987b379e4f612dc8d7e6eb01f_cryptolocker.exe

  • Size

    54KB

  • MD5

    be95890987b379e4f612dc8d7e6eb01f

  • SHA1

    3bc98255c86471163c5d200527d236d04b3f633b

  • SHA256

    4dd304e23bd4138162c154c951737652b6d89a6fb6377ece151d598b38be8bc9

  • SHA512

    f9beefbb3893121543ad4a0cbecb4e721b5f1ce81a29d4d2f3018015dc355b17f35faf738c92ca2a7fc71764d20af437bced788429314990ac145ee0bb0f6f85

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vaTiSfQaV2Lq:X6QFElP6n+gJBMOtEvwDpjBtE1yILq

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-05_be95890987b379e4f612dc8d7e6eb01f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-05_be95890987b379e4f612dc8d7e6eb01f_cryptolocker.exe"
    1⤵
      PID:4304
      • C:\Users\Admin\AppData\Local\Temp\asih.exe
        "C:\Users\Admin\AppData\Local\Temp\asih.exe"
        2⤵
          PID:4456

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\asih.exe

        Filesize

        54KB

        MD5

        b027450422f007ad676abedfb4207aa4

        SHA1

        221e1ea858484495d6cbd6f8bde1f94b3dedf9e4

        SHA256

        f00b5d0214dd265572005c193e2d5f68de3abd553778ae48dffda4b5bc71152d

        SHA512

        c1a6ea52f0e6bc5c59a86a54a6f749cd241784355cfc1f3ba943f2f8fc20b420a6430cd38c33ef2b357d1941eda6d7429c2950b2e87a212b22912d0d1f09a6ce

      • memory/4304-0-0x0000000000630000-0x0000000000636000-memory.dmp

        Filesize

        24KB

      • memory/4304-1-0x0000000000630000-0x0000000000636000-memory.dmp

        Filesize

        24KB

      • memory/4304-2-0x0000000000650000-0x0000000000656000-memory.dmp

        Filesize

        24KB