Overview

overview

10

Static

static

10

2024-05-09...er.exe

windows7-x64

9

2024-05-09...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 15:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-09_560bad413c302a624dc7ffd3f38ae557_cryptolocker.exe

  • Size

    79KB

  • MD5

    560bad413c302a624dc7ffd3f38ae557

  • SHA1

    64ed66757ae3b09292e76e4a35a3d80a3ede3b05

  • SHA256

    be5334225826d76dd6974f642d416caf5a1b54f4a295dfcd68710f1e31c4095c

  • SHA512

    6524cda5cadc0ba32e16c68d2bcabfdd5edd6997e5b3420f0ae79087b35dc7bf849859211e85a1778efc2771efb8d56679d8a542bf88a6b3960db4330e780fdf

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjyaLccVNluiCO:V6a+pOtEvwDpjvpN

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-09_560bad413c302a624dc7ffd3f38ae557_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-09_560bad413c302a624dc7ffd3f38ae557_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3208
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3776

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          79KB

          MD5

          f97324cd1ddb588be0e2d9d02bbd44d8

          SHA1

          36388311c32a60349658ef32739a5254fad90057

          SHA256

          b8b0ba9f1940a4be887b1f4680434a8a90d8894f0304f48f64fbe3e6b6981194

          SHA512

          63be9f008959814f05134c497681d31dfa01cca3fbb8927fc9d2cc3cbd2e23009ce10f05c3f21bb7e495fc56f79fecebb5079be84546a11badc9a5ce1bf715e5

          Download Submit

        • memory/3208-0-0x00000000006B0000-0x00000000006B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3208-5-0x0000000002100000-0x0000000002106000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3208-8-0x00000000006B0000-0x00000000006B6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3776-17-0x00000000020D0000-0x00000000020D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3776-23-0x00000000021C0000-0x00000000021C6000-memory.dmp

          Filesize

          24KB

          Download