Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
08-05-2024 04:27
General
-
Target
2024-05-08_1f0e1df98f63da05d0b032ff93f14da9_cryptolocker.exe
-
Size
43KB
-
MD5
1f0e1df98f63da05d0b032ff93f14da9
-
SHA1
3c182644b07f3b4334b8730d1c795be80c96181e
-
SHA256
3f63d46ad881aca7fe5434738594aff73c18cb78447a60c491602cd25cd88982
-
SHA512
1789909902c609a4b0ffcce0a58dc57a98507d0084ee74b08568c5f9e7dc9b7b175fd780f761c27ff8e623fa02ee1498be9b7689617a133157c3f1225c9a4e60
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3TP7DFHuRcD9HxC:X6QFElP6n+gJQMOtEvwDpjBmzDkWDtQ
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Detection of Cryptolocker Samples 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-08_1f0e1df98f63da05d0b032ff93f14da9_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-08_1f0e1df98f63da05d0b032ff93f14da9_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
44KB
MD51c81e8a6f5848c5abc73329095ca272a
SHA1b0a970d1f510958ab920d94b3de74eddc03b5cc1
SHA25605edf0e585dc704504776d1c9ac439ebe17048fa5b07900647d1228b1ef41220
SHA512ca9ba9820fe3776a376a8efa0d5c533705e4af1e8c03be97fcd64e2aadd40b6788768cc1128c2d0304fd635cbf671eb6acded040534be1549d2a386df041fab5
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB