Overview

overview

10

Static

static

10

2024-04-29...er.exe

windows7-x64

9

2024-04-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 00:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-29_abc0032714c08fc4722d15c41b00b33e_cryptolocker.exe

  • Size

    45KB

  • MD5

    abc0032714c08fc4722d15c41b00b33e

  • SHA1

    cd01273c17d116353577802c3aa640b814b04b08

  • SHA256

    adef23ed49decba79557d4df87fc4f88d3e639138777a6525b32180221c6e78b

  • SHA512

    e08cc422969d356ee3754ddf99330119b8ecd74b993268d982cb9d703412b4eab83131df5fd727b7dd08220df05107c397a165dec5b628832f9f1f6ad3f5db67

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLam5aFr7YOzzfm0EXsJZ:V6QFElP6n+gMQMOtEvwDpjyaYaFAh3k

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-29_abc0032714c08fc4722d15c41b00b33e_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-29_abc0032714c08fc4722d15c41b00b33e_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    45KB

    MD5

    6c1e81c50210474e7abeb7f078a56cb9

    SHA1

    65e71b65346e43c2ee7819e621ceae3fe425f08e

    SHA256

    b5dba1143d55221cbd57a38e3972cb0cb77b50941187ea210cb9bf50bf7be772

    SHA512

    266bf476a5646017427ac3226e211366f7408c7d3def5326d8ca7d4ae78003173b934a4634c615190dd32f85e17e011d4f19f23fd335da742bbcd77673f228da

    Download Submit

  • memory/1652-15-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2972-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2972-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2972-2-0x0000000000380000-0x0000000000386000-memory.dmp

    Filesize

    24KB

    Download