Overview

overview

10

Static

static

10

2024-05-10...er.exe

windows7-x64

9

2024-05-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-05-2024 12:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-10_521612a32421273ce779cd41a803677c_cryptolocker.exe

  • Size

    40KB

  • MD5

    521612a32421273ce779cd41a803677c

  • SHA1

    a981721f325ff81c7acc0f7e943ecf59ca0b1e28

  • SHA256

    785b31d2ddd39821e5ef30a3bc05fd2a3fec45268115d45e83cc0289e67f3cd5

  • SHA512

    c4fdb4b5f1dec57ac0a85a76ca24f474d75284fff4f3fa7708b8e47f9b7f3bc3f926b8c4d00aa12929d3c8f0b55d8d5a43a03440d438073130e1d6ac525e805b

  • SSDEEP

    768:bA74zYcgT/Ekd0ryfjPIunqpeNswmT3Hwz:bA6YcA/X6G0W143Qz

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-10_521612a32421273ce779cd41a803677c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-10_521612a32421273ce779cd41a803677c_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    40KB

    MD5

    05f517b8047e1eab776039105b06e508

    SHA1

    6d6d92268ffa11896fc142ff8d16923594885cde

    SHA256

    d5210a1fba392d488f6488997559142c0e232d1c2483d2755ebde78e0b4bd593

    SHA512

    bb26ab3947e8ab785364db1031afcb041135adb2ab04e010c71975c3a1a76a71fa26f1a5712d5f2a9b6e8fbd88b2587d34a98d966721c1033721f2ec74b914f5

    Download Submit

  • memory/760-15-0x00000000002B0000-0x00000000002B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/760-22-0x00000000002A0000-0x00000000002A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-0-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-8-0x0000000000310000-0x0000000000316000-memory.dmp

    Filesize

    24KB

    Download