Overview

overview

10

Static

static

10

2024-04-15...er.exe

windows7-x64

9

2024-04-15...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    15-04-2024 11:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-15_a58e1024c11ef9755a000d4ae584a653_cryptolocker.exe

  • Size

    48KB

  • MD5

    a58e1024c11ef9755a000d4ae584a653

  • SHA1

    f69558306c5021b485964799f6bbe03909b4bc1b

  • SHA256

    469d4e89f59838b6e4fb6929d2ae080193d615162ddeb20a36a2cf4f0729c751

  • SHA512

    24afa841337b719b6d1be44f51ee6236293cf05ddd42edfa18b231328e7c7b4a97336b0419def4ed342f44ce87afd8fdd927a14cc5ff25c3d0e6be9e60191619

  • SSDEEP

    768:qmOKYQDf5XdrDmjr5tOOtEvwDpjAajFEitQbDmoSQCVUBJUkQqAHBIG05W2Mocx:qmbhXDmjr5MOtEvwDpj5cDtKkQZQE

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 6 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • UPX dump on OEP (original entry point) 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-15_a58e1024c11ef9755a000d4ae584a653_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-15_a58e1024c11ef9755a000d4ae584a653_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2596

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    49KB

    MD5

    6198127a01cd1229353cb44a3c14816a

    SHA1

    e3c1ac925147c6543978f6be2bad18333c0a5f06

    SHA256

    f06b13f4a230e2c76deae637b08198844563508820c956928177d93b4f1b8678

    SHA512

    43fb4100ae625e016ef06e84bc99542a18514ad08ce4f90bd1447061a0eb1d13494acd3e9b2c1b62b0892666354bdf2487caa4fe696aa8159eaee88a5a6fe9a4

    Download Submit

  • memory/2088-0-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2088-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2088-3-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2088-2-0x0000000000270000-0x0000000000276000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2088-13-0x0000000001FA0000-0x0000000001FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2088-15-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2596-17-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2596-19-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2596-25-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2596-27-0x0000000000500000-0x0000000000510000-memory.dmp

    Filesize

    64KB

    Download