Overview

overview

7

Static

static

3

202404143e...er.exe

windows7-x64

7

202404143e...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 17:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    202404143ea10832e54b2ad9409763d6b5d3ec8fcryptolocker.exe

  • Size

    49KB

  • MD5

    3ea10832e54b2ad9409763d6b5d3ec8f

  • SHA1

    1e2999caba6e97655a664dc7f5b7a33ce90964c4

  • SHA256

    c3b5d23431897701d5f1a36cb202270ae10a8d4f93a0a390c8f12e06faf102e9

  • SHA512

    853d4f5f1bb2a6ecdb7a3d4d6036866d3100aa042d3115905b53997d9a4c005ef05f5242c9b4d318adbb727606d63ec6ec566cd8c9092f15be1fd20ed4bed7f1

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaaEqbIu55id3AMWZ7:X6QFElP6n+gJQMOtEvwDpjB0GIWiWL1

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\202404143ea10832e54b2ad9409763d6b5d3ec8fcryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\202404143ea10832e54b2ad9409763d6b5d3ec8fcryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    49KB

    MD5

    5fa874043a991975b3351f8e13482c7b

    SHA1

    9dc4a5707fec594edd411f1f96b6e313d388e562

    SHA256

    8083f0614f081febd0c5324b18ec09d53c76c1df80309c03b02786a29c682a4e

    SHA512

    f54084faccc87c83ca33070dc133335004956d998f312e34d0c4869266e6a8a292b0e066d63983f2bbce1b8f7dc36904a5d7e04ebd20d58931d199543f695140

    Download Submit

  • memory/2380-17-0x0000000000590000-0x0000000000596000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2380-19-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/5012-2-0x00000000006C0000-0x00000000006C6000-memory.dmp

    Filesize

    24KB

    Download