Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_70ea8fb49c2a59e6d4ff42e1c15f1b31_cryptolocker.exe

  • Size

    31KB

  • MD5

    70ea8fb49c2a59e6d4ff42e1c15f1b31

  • SHA1

    129fb3bcbe2bd87cd2bf2e66bf2cdd87d915377b

  • SHA256

    e10dae50e530df6437f3011136cbb8082c00238566bad30f8b0124780289f7ac

  • SHA512

    b86cc23fd639cd727dd87e1a30c835a37228bff6dbe49c313a7d4220076cbe9f995ca7fea1b735573e2d4598f92baebff8df5e984e7008bd5542b52725916e6f

  • SSDEEP

    384:bG74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUGTjA:bG74zYcgT/Ekd0ryfjfA

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_70ea8fb49c2a59e6d4ff42e1c15f1b31_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_70ea8fb49c2a59e6d4ff42e1c15f1b31_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    32KB

    MD5

    b1153b9b35815c3e61b5c11cf00ef38f

    SHA1

    c5dac9e8a5a27b9b5085101b1d3ba2af5679db8b

    SHA256

    58643ecea364e2385d719fc98a562e932db5680cf689096dcb186c1a16888939

    SHA512

    af5f68f2577f0a0304881e5161ca32beeda5a3c80c784570996af291bd7f6dfedfe4305567356108f20c9a7300bbeee8dbd3fc4d0645a0cd537a450580365a59

    Download Submit

  • memory/1740-0-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1740-9-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1740-2-0x00000000003A0000-0x00000000003A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1740-1-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1740-15-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2172-16-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2172-18-0x00000000004A0000-0x00000000004A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2172-25-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2172-26-0x0000000008000000-0x000000000800A000-memory.dmp

    Filesize

    40KB

    Download