Overview

overview

10

Static

static

10

2024-04-27...er.exe

windows7-x64

9

2024-04-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-04-2024 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_1fdbddfc21d9aff1fd3b110abdb1a0bc_cryptolocker.exe

  • Size

    42KB

  • MD5

    1fdbddfc21d9aff1fd3b110abdb1a0bc

  • SHA1

    8d895081f2ee9da51f8d090c3b2469be017c054d

  • SHA256

    de48daa26ab9bef1f1f24fc4436f58d8d266462ef542bb718b577d5724f664fe

  • SHA512

    b0456099efc30e6f8347adc829b15dabcaaa3f37c967e4eefb562e10d697304cd3577e54866ea2e607ab4aba1792d8f24ec249f586434dd7acdcf3158d0a2412

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3TP7DFHuRcD9o:X6QFElP6n+gJQMOtEvwDpjBmzDkWD+

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_1fdbddfc21d9aff1fd3b110abdb1a0bc_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_1fdbddfc21d9aff1fd3b110abdb1a0bc_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3872
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1796

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    42KB

    MD5

    f1a367238a8936d47ba5842b075c9859

    SHA1

    7839a13579685beabcc6ef86a4e40363296bbe28

    SHA256

    ad90a54109889f75db3629bf9e9375449cd9e9377f700f03d87a73e262580cf8

    SHA512

    71f4eaa18cc482f0a864efa5e25e2c038622eeb8b88374c15197d82f4d9309f4277c777bb3004a08c7eb8b06a87a74160d54a53e55e86b520a5065a1564e74da

    Download Submit
  • memory/1796-17-0x00000000005C0000-0x00000000005C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1796-23-0x00000000005A0000-0x00000000005A6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/3872-0-0x00000000021C0000-0x00000000021C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/3872-1-0x00000000021C0000-0x00000000021C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/3872-2-0x0000000002050000-0x0000000002056000-memory.dmp
    Filesize

    24KB

    Download