Overview

overview

10

Static

static

10

2024-05-21...er.exe

windows7-x64

9

2024-05-21...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/05/2024, 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-21_c9daa7b60a793b9aefaf1b25eaf6e8c6_cryptolocker.exe

  • Size

    49KB

  • MD5

    c9daa7b60a793b9aefaf1b25eaf6e8c6

  • SHA1

    924bc7d5ccd16f584d113188f0d0e91cd03aff6c

  • SHA256

    c2455b14315bbf5fd0f42ca99d4fd739c25268ef30471c12b9ea67a4385f7146

  • SHA512

    45ce6ccd91639e6b14a15f149e1ba73400f19e3cb222651b6d64fce08fccf94e8bc9b744fae70c2ebdf93b21b08ac7bdd874cd77a5cff07aa899af906ec4e832

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vdXfV:X6QFElP6n+gJBMOtEvwDpjBtEdXfV

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-21_c9daa7b60a793b9aefaf1b25eaf6e8c6_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-21_c9daa7b60a793b9aefaf1b25eaf6e8c6_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    49KB

    MD5

    c96ad1b8ca8baedafd3347f1641ecd11

    SHA1

    1efa9ecdd8ed1aa531258fa1e96a6866d2d4a35e

    SHA256

    40742e0849718143af9fe59b3629152180456e4ed63fa4537bfb382966f38c48

    SHA512

    da2720e72cbfd4d18ac5a881ca278e23e187d07eb424b50460fc8a897fa864c99de2e3e26186584e8ed87470deb1af7aa23017345a8b533419f7b3082b7b0879

    Download Submit

  • memory/1300-0-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1300-1-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1300-8-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1568-17-0x00000000005D0000-0x00000000005D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1568-23-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB

    Download