Overview

overview

10

Static

static

10

2024-05-10...er.exe

windows7-x64

9

2024-05-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-05-2024 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-10_717c08d789aa2434d03267107e04bfff_cryptolocker.exe

  • Size

    51KB

  • MD5

    717c08d789aa2434d03267107e04bfff

  • SHA1

    73a7e48e8d8d5e01d40900cd52266fae42a8447c

  • SHA256

    f4f920878715cb4b837b77f94cf976fcdd8aeba3d8da654269447df6838f43e1

  • SHA512

    4825ff712edb4f210c473d97a5c4e01b60d111cb6e28da4829b010bf195bfda2b366c55b6f98baa69c7f8bebfd7a6efe0ab24deed4787ad91c74209504424f7b

  • SSDEEP

    768:79inqyNR/QtOOtEvwDpjBK/rJ+Nw8qnTHGf0:79mqyNhQMOtEvwDpjBxe8GGf0

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-10_717c08d789aa2434d03267107e04bfff_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-10_717c08d789aa2434d03267107e04bfff_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    51KB

    MD5

    341b1e50b368b33a212a4838c0b16510

    SHA1

    6505598192b9a91bfa9e91f0f385efe3686c5eae

    SHA256

    396ff774dd7d5f1d036713e70cd68a457ded57a30427c5fc61030c53bb38ec54

    SHA512

    11e237fa318e0e9ecc377c519044cafdd7067a6025b63bab20a4a7d1e8c5be39d9f6849aa82db093e1626f80bcdfde9007720700a3351a15c0fdb2fd628a258f

    Download Submit

  • memory/3076-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3076-1-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3076-2-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3076-9-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3076-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4700-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4700-20-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4700-21-0x0000000002070000-0x0000000002076000-memory.dmp

    Filesize

    24KB

    Download