Overview

overview

10

Static

static

10

2024-04-24...er.exe

windows7-x64

9

2024-04-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2024, 21:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-24_de49eaf56b5c81abcfd5d196d89420ea_cryptolocker.exe

  • Size

    85KB

  • MD5

    de49eaf56b5c81abcfd5d196d89420ea

  • SHA1

    6dd68d1d73dfabc1436368a2d1f60e95c478cbf3

  • SHA256

    7b665a8a688f6901f111854f25e43734df423219614e13a11b8d943f6c3552a8

  • SHA512

    243f284cb3678d00e92936b1f7622dc00e429dcb65b49033d298be11066d6b5bb0460c4ecb31b0012f28aea019abb47bb17157e13b2f64c75ecfa63045565bf5

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPtNw5CS95yFPnYcL:V6QFElP6n+gMQMOtEvwDpjyaLccVNl64

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-24_de49eaf56b5c81abcfd5d196d89420ea_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-24_de49eaf56b5c81abcfd5d196d89420ea_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:5076

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          85KB

          MD5

          2b3de31edd70a5bff785ebb1e0f06a1e

          SHA1

          6fc0d9c96222cb24d5f137245d57b5805f6e22a0

          SHA256

          1eedf8b03c4e8245c32151d5e64d3d76e398cb9974608ee8f7496140e91fcd03

          SHA512

          c97e5f7c4a68d86e323ce2a1216b4f8ae1ea9921a2d6376f449156294deebe79659345a8d9f70eb6eaeb1f9d9cbda576f5506d4bcbc2ce54072acb16cd6b81ea

          Download Submit

        • memory/628-0-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/628-1-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/628-2-0x0000000000660000-0x0000000000666000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5076-17-0x0000000000650000-0x0000000000656000-memory.dmp

          Filesize

          24KB

          Download

        • memory/5076-19-0x0000000000620000-0x0000000000626000-memory.dmp

          Filesize

          24KB

          Download