Overview

overview

10

Static

static

10

2024-05-20...er.exe

windows7-x64

9

2024-05-20...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-20_3e4c9f540f79847d3148941d54cccf68_cryptolocker.exe

  • Size

    43KB

  • MD5

    3e4c9f540f79847d3148941d54cccf68

  • SHA1

    06883516de39ce797505c522fdcfdd369315c7da

  • SHA256

    b5c07689f7787151aa672b79178c65fd8c8d8261d618ba2182139049792a0d0c

  • SHA512

    2da102260ef6af7ddb042a66680c7cc970c4131b1af4a11aa62b85656858c884e0f6cbbbaf7f3ba1798b1315f08743c3651d84ff85a9ab62c9118eb0ca980465

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBVaD3TP7DFHuRcD95q4:X6QFElP6n+gJQMOtEvwDpjBmzDkWDrZ

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-20_3e4c9f540f79847d3148941d54cccf68_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-20_3e4c9f540f79847d3148941d54cccf68_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    43KB

    MD5

    6286db80f8fd8d3aeb670196220b12e3

    SHA1

    369fcbf145b6698d9462a8407be447070903f2ba

    SHA256

    8fecefe85156ffa4f11ef4eb27d2b863f10becf5098a161571fc3ba8a978f390

    SHA512

    4ca54d91b0a0f20249c8c10ea9f2ce8c01b8291a140a4352c57a496e168cc41e9676d348391b38904d232c2675ad507111cf7b960eefb811489dc0741afa3669

    Download Submit

  • memory/1676-15-0x00000000002F0000-0x00000000002F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1676-22-0x00000000002B0000-0x00000000002B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2324-1-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2324-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2324-8-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download