Overview

overview

10

Static

static

10

2024-05-15...er.exe

windows7-x64

9

2024-05-15...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    15-05-2024 15:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-15_6bac12e2aa28b0fc01d1efd6cf6bd68a_cryptolocker.exe

  • Size

    48KB

  • MD5

    6bac12e2aa28b0fc01d1efd6cf6bd68a

  • SHA1

    bc87fcb312b279d48419357bd36dd997406ea268

  • SHA256

    827955284cc9f25bc8d8423f4c5d9b1ba1cde3c231b59e8e8700d886ce887663

  • SHA512

    e37244e6bfce12e657dbb192d00ed8190539168cad764a42ac989bf664c17c2f444b9ef92619353649009bd7d00184e3ca714b8ca63fa76f4176783956548f25

  • SSDEEP

    768:79inqyNR/QtOOtEvwDpjBKccJVODvy3Sp8LC:79mqyNhQMOtEvwDpjBzckqSuG

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 3 IoCs
  • Detection of Cryptolocker Samples 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-15_6bac12e2aa28b0fc01d1efd6cf6bd68a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-15_6bac12e2aa28b0fc01d1efd6cf6bd68a_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    48KB

    MD5

    1ae8e913b022292e75877013f0aab587

    SHA1

    58383fb8accc487e5cc59c093258fdb756e9cd52

    SHA256

    3c80183c55271000bc75b5017af970cbed6f242a47fc37230740559ca746adad

    SHA512

    ba9191abd3adf27752ba1c0eae59a8d44c97007b8d667d39e1d7f2962795096e797321bf1eb492b2408f5af86bc237d0fe3e4876025bf07c7a6e08373e629d01

    Download Submit

  • memory/848-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/848-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/848-2-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/848-9-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/848-15-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2248-17-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2248-24-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download