Overview

overview

10

Static

static

10

2024-05-17...er.exe

windows7-x64

9

2024-05-17...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17-05-2024 10:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-17_285d3588870195d7d192837154fe4a16_cryptolocker.exe

  • Size

    38KB

  • MD5

    285d3588870195d7d192837154fe4a16

  • SHA1

    c818a0a01a584f4b6a735bffe80cfd8686d44683

  • SHA256

    0a241e70badc29bedf3dbb1201ee849a4e688b40ebaa5a48c0b4fdf516dd3e60

  • SHA512

    9ab8324f70a0b1b3a68ef6dfd022d7849a665f26f95b544eeb7f283f1be7006db87548cdd2e0b946a88601628c2d9c0a2a4833d311894634fbed6b2591dd5edf

  • SSDEEP

    384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzoCt9/B1RU3V6uVjhbuUZ:b7o/2n1TCraU6GD1a4Xt9bRUlV5hbbZ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-17_285d3588870195d7d192837154fe4a16_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-17_285d3588870195d7d192837154fe4a16_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    38KB

    MD5

    c0951b3eecd12e1656783e451fc96798

    SHA1

    6417d7046c4c856382907c8ec9f5511ca9e408b9

    SHA256

    252b0bd2982a80d7c6b5b488300425aaff715532c90e6434566fb0d217133665

    SHA512

    fb3caa0f9a6b6a31189be2a0c77124acf4bcac9f02eae7b2f6b3203b1b94c73591faf11dbc28766ec0ca1ad18a6fefe04fb70331eabe27366bfd94974cffeb3a

    Download Submit

  • memory/2468-23-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2988-8-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2988-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2988-0-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download