Overview

overview

10

Static

static

10

2024-05-15...er.exe

windows7-x64

9

2024-05-15...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-15_8090537a514479de87476f00b487041f_cryptolocker.exe

  • Size

    46KB

  • MD5

    8090537a514479de87476f00b487041f

  • SHA1

    75fb18f63fe4fc0af13f5c11f9ea064002e79a5e

  • SHA256

    7065fc35b14ed2ddd4dcd008ba89c9621273e9203d8c33a93b29f6e872654a33

  • SHA512

    655132c2285c3b14428ad57451a349391655d8e085abeba68d58be29022b2668a3f9acec42c5860c3131888a1e6584bedb3d3831830b1a98e6337ad813b4e2e6

  • SSDEEP

    768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPlEB:P6QFElP6k+MRQMOtEvwDpjBQpVX8A

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-15_8090537a514479de87476f00b487041f_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-15_8090537a514479de87476f00b487041f_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3952
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:3640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    46KB

    MD5

    0d5201a4f9dbdc20b055677d97e678ab

    SHA1

    3158d388dd7036adc10a6f4c42470e7258a35d76

    SHA256

    5836d9250a780d2e9af3e4b2231a11d920ccdbec664a52aaee719a948bdff4c3

    SHA512

    089ba5f66c7c05e2f987ae201bb18f8bfb0adbd157e5a115d48435ba28f72abf8afb09ef8396ecb7caff97a12467b60aceb6dfea55f121927b1e594e50464f60

    Download Submit

  • memory/3640-19-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3640-25-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3640-26-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3952-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3952-1-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3952-2-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3952-9-0x00000000021D0000-0x00000000021D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3952-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download