Overview

overview

10

Static

static

10

2024-04-29...er.exe

windows7-x64

9

2024-04-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-04-2024 06:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-29_9977bfe3ea867b4743e95689342082bd_cryptolocker.exe

  • Size

    50KB

  • MD5

    9977bfe3ea867b4743e95689342082bd

  • SHA1

    5994d3faaaf6e051d0c35341648e313bff718587

  • SHA256

    56f0e9a2a99f212ee4995508a11a2bd4e7681894be27c9311ac6f8b478cbb414

  • SHA512

    fac2a53ef3ef826ebd64edc38b3d45fcbf8fafe6eca7de525566b03ef5c8dbb90fe55b4aae4a2e1fe099e8a8cff8f4a324ee10e1778ffcea6907751ec3255738

  • SSDEEP

    768:79inqyNR/QtOOtEvwDpjBK/rJ+Nw8qnTHGf9:79mqyNhQMOtEvwDpjBxe8GGf9

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-29_9977bfe3ea867b4743e95689342082bd_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-29_9977bfe3ea867b4743e95689342082bd_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    50KB

    MD5

    f8aa5383e9cb4ca66c324f844aed7c25

    SHA1

    4824aa9686dd9e00fc5197f28bcdb49fb963f3c0

    SHA256

    2e3aab987c8eac22e09360afc31da4fa393839a76316083e5d39b013565e59cd

    SHA512

    9b58d82ea99cf880b377c4b5e7566cf94e796f0dae8efba5174577af3338ee27337de90500c0c7c434b71f43b9b57eab07227a7da773b80ff41ee5da003ee145

    Download Submit

  • memory/4788-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4788-20-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4788-26-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4900-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4900-1-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4900-2-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4900-9-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4900-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download