Overview

overview

10

Static

static

10

2024-04-27...er.exe

windows7-x64

9

2024-04-27...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    27/04/2024, 21:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-27_1a45cdb7bf2dc529e6591fb59271c241_cryptolocker.exe

  • Size

    95KB

  • MD5

    1a45cdb7bf2dc529e6591fb59271c241

  • SHA1

    49dd3a25edb0a9b0716c46f5012218d5d8c8e98e

  • SHA256

    e18100cf22a3232eab28c934d09f9029e341aa15123ea7aae2015d2e920cf0f3

  • SHA512

    e08ef72954b1b6e24adc3fd0a27e7b0c5a01ee7914665d0136cea851f2541c689aab0837830e1f5379827ad343f51df499029bb617ec614f4985c6eb83f88ef5

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNgpZ:V6a+pOtEvwDpjtze

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-27_1a45cdb7bf2dc529e6591fb59271c241_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-27_1a45cdb7bf2dc529e6591fb59271c241_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2132

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          95KB

          MD5

          536e0142d3d8957c495c6c03f48942f4

          SHA1

          a768ebd56b8fc9be3abedd106ba7c0d7d4c6e064

          SHA256

          fba4042f0b49bb16f24a79ffd75fa3761b1d1ee1e263c5f23683a51f9c96b316

          SHA512

          a6b1411990a50859785c7786d8f5c73482df3cab47dc050f6b0b45681d635b288bab26e5a4ec2aec93b082ed42752617c80a5a08c4feb0cc4eb04fada31b2643

          Download Submit

        • memory/1728-0-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1728-2-0x0000000000460000-0x0000000000466000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1728-1-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2132-15-0x0000000000470000-0x0000000000476000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2132-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

          Filesize

          24KB

          Download