Overview

overview

10

Static

static

10

2024-04-17...er.exe

windows7-x64

9

2024-04-17...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 03:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-17_58a51d31964b2eaa67f18dc23efcb991_cryptolocker.exe

  • Size

    40KB

  • MD5

    58a51d31964b2eaa67f18dc23efcb991

  • SHA1

    1f57f32a26ebc5578cdce2f0ec4b3d1f50e442a1

  • SHA256

    84de364e6524e231212899bf614bdde954f407a5727e139882567643b434207d

  • SHA512

    1bae50cc7a68a7941bbb1224f6c83950ca96f7e3d3635e44b4d7673305a409dab1a7fff14f1cb8d2380ff3c048f96cb407defecae809b1751d9ac80cafcbc774

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaac4HKcfrW:X6QFElP6n+gJQMOtEvwDpjBsYK6rW

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-17_58a51d31964b2eaa67f18dc23efcb991_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-17_58a51d31964b2eaa67f18dc23efcb991_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4308

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          40KB

          MD5

          609ae5822c07d332743c11bc7bf076d5

          SHA1

          89792072f471360da4b533e82e912bdfbaf58b4d

          SHA256

          be881711d552177aa2c9f2290963c311f3de0fdd252fa67ced9ce92c621f93fb

          SHA512

          83eb944540ca5a7171f204c9243a9e077fffe66978f12dd2180b15be3b2348109eb2045f3046860361fa546e04cc50ddf8395d5ad65f0f984b491b4dc26ddeb0

          Download Submit

        • memory/3024-0-0x0000000002190000-0x0000000002196000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3024-1-0x0000000002190000-0x0000000002196000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3024-2-0x00000000021B0000-0x00000000021B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4308-17-0x0000000000660000-0x0000000000666000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4308-23-0x0000000000620000-0x0000000000626000-memory.dmp

          Filesize

          24KB

          Download