Overview

overview

10

Static

static

10

2024-04-23...er.exe

windows7-x64

9

2024-04-23...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/04/2024, 00:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-23_ab814a79165c1a99ca2f768a882cdd87_cryptolocker.exe

  • Size

    70KB

  • MD5

    ab814a79165c1a99ca2f768a882cdd87

  • SHA1

    af808d66422703b93a3334efcb450115906f7078

  • SHA256

    307064b831c2868e463f9d99e8d111e6de076e0ddb524d4b2a7fb967f1650765

  • SHA512

    698e881dca28027f7cc7c39b73471fd8e435198c9b1250ee247addeaa40ff968259d9c72bc59d150340765540e8eb48e5cf13e25b16d01c32ca2bc5ef77dd8ba

  • SSDEEP

    1536:Dk/xY0sllyGQMOtEvwDpjwycDtKkQZQRKb61vSbgZ3QzNKU50G:DW60sllyWOtEvwDpjwF85J

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-23_ab814a79165c1a99ca2f768a882cdd87_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-23_ab814a79165c1a99ca2f768a882cdd87_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4164
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    70KB

    MD5

    0cd16b54c78e7434d634175f157fc36f

    SHA1

    1ac662d0e62ff87ab67466839097ddbdd8d8ea35

    SHA256

    598c4fd447917afbe9c16536513e350b1703e9cca176df82ee6f5e61e0083e2c

    SHA512

    1f27edc2eb57b57449bf7fa49f6256fe4ff38af28fda595aa2726b00b9b5fe0ffc91fe8b81bb3d4b808c16263089fe46860b75c867a641272110c995b4835958

    Download Submit

  • memory/1652-19-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1652-22-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4164-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4164-1-0x0000000002150000-0x0000000002156000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4164-2-0x0000000002150000-0x0000000002156000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4164-3-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4164-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download