Overview

overview

10

Static

static

10

2024-04-18...er.exe

windows7-x64

9

2024-04-18...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 13:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-18_ef192bea52e9e904b03585f1d609afce_cryptolocker.exe

  • Size

    46KB

  • MD5

    ef192bea52e9e904b03585f1d609afce

  • SHA1

    5eb8a824abbd9d6d2b4b4947356cce80309163b5

  • SHA256

    eae0c17a2ced399fe8d741c0be73468b0247b9cfea1c5469923d476ec358897a

  • SHA512

    5ac4b804af32e4f48acb132c8c7c174387f04943a1e40bd9a71f523df34cdb3f20f7009049039b2958280b7272e8efecaa433f8af003011f05875b6917c73f9b

  • SSDEEP

    768:P6LsoVEeegiZPvEhHSP+gp/QtOOtEvwDpjBBMLZdzuqpXsiE8Wq/Dpkco:P6Q0ElP6G+gJQMOtEvwDpjB8WMlfo

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 6 IoCs
  • Detection of Cryptolocker Samples 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-18_ef192bea52e9e904b03585f1d609afce_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-18_ef192bea52e9e904b03585f1d609afce_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    46KB

    MD5

    a865487ec4b3f3c18469b45ede311af3

    SHA1

    6c6918239427979185590335b436417a4285d9f9

    SHA256

    39da8908354a5a43abc4272e999824460bdda2d5df505c0d308e24b6e3d2b4af

    SHA512

    c8fb8ec233bc12ae2dfc0bca5c2169ed89329c10e380685edcfc6b83b75a3ee6af5093cbda395a09f8b5daa8917982c246030b8de7621354d74cceac39e8a20f

    Download Submit

  • memory/1912-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1912-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1912-2-0x0000000000380000-0x0000000000386000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1912-9-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1912-15-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1912-13-0x0000000000610000-0x000000000061B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2492-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2492-21-0x0000000000340000-0x0000000000346000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2492-27-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download