Overview

overview

10

Static

static

10

2024-05-17...er.exe

windows7-x64

9

2024-05-17...er.exe

windows10-2004-x64

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 03:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-17_709af4c1f43ef257a551eb9c4288bd32_cryptolocker.exe

  • Size

    78KB

  • MD5

    709af4c1f43ef257a551eb9c4288bd32

  • SHA1

    29188c8ac7659e2b934499016e04a92821c3f8c3

  • SHA256

    040c9f9ba4dcb6eb6488037c1d6a566e0ebbcc2384949dfff9625d3516cd268c

  • SHA512

    0541bb388f4e6a850abb2056041f663bc579761b03acc83dcd86b02d38d90ab9754a2c118536a4f2c9d8fab3dcd251ea484dabed5341c1c958c0075500002c7d

  • SSDEEP

    1536:T6QFElP6n+gxmddpMOtEvwDpjwaxTNUOAkXtBdxPUxnC:T6a+rdOOtEvwDpjNtHPZ

Score
9/10
upx

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • UPX dump on OEP (original entry point) 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-17_709af4c1f43ef257a551eb9c4288bd32_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-17_709af4c1f43ef257a551eb9c4288bd32_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2476

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          78KB

          MD5

          6ce6b2514bd527a5647bd7d78ee41415

          SHA1

          6b7ac8635597ef34a7511e2a62015a839fa05937

          SHA256

          6bd136c1f033ade8faeaca492dc484ca8a89e280411c18a5e48264a7e771716f

          SHA512

          771024685b6f46590107947a57e53a8698bcabade56a0b65999aac5e8225d2445736646e987a938e5668b67ee30b8a3a1d943bd5c2aeab08d3f13ff030a8f8f0

          Download Submit

        • memory/2476-16-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2476-25-0x0000000000320000-0x0000000000326000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2476-18-0x0000000000460000-0x0000000000466000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2476-26-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2664-0-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2664-1-0x00000000002D0000-0x00000000002D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2664-2-0x0000000000470000-0x0000000000476000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2664-9-0x00000000002D0000-0x00000000002D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2664-15-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download