Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_ad45c0e242459a2e68d3e8565b6fbfff_cryptolocker.exe

  • Size

    33KB

  • MD5

    ad45c0e242459a2e68d3e8565b6fbfff

  • SHA1

    d1ce40fd8a86cb1a785450ace07d373bb8358947

  • SHA256

    3c0ee3505c17a7021ffdf287d6088161d23b1c9bcecde1f8ee8647c76c58981e

  • SHA512

    fb61c743402f844c0a05f1bc428a5be71a7d527a99e9f7dc8da55d50c2d94d7bd68f74734dfb6acfb97c59b84d3ba2cd155fb3e55e9bae7b79ee4a2527e99a67

  • SSDEEP

    384:bG74uGLLQRcsdeQ72ngEr4K7YmE8j60nrlwfjDUGTGLZ9t:bG74zYcgT/Ekd0ryfjgjt

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_ad45c0e242459a2e68d3e8565b6fbfff_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_ad45c0e242459a2e68d3e8565b6fbfff_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:2684

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    33KB

    MD5

    9b676b60de0cee0f72eaeefaea3aa5d2

    SHA1

    28fbe01a6b410c994ca3982d2c9679ac0c4f423b

    SHA256

    32badf8a520b99c940b453320b42a541c0cd2396ce8a5af97f0489b970048c61

    SHA512

    f572f0421e84a11e68608a268204ac6af1544d0ce55b1e7640ceb280cd3bc302a61b834f5157e4c42abe75b7516cce6a032e778b62dd858d7a05448fb7f72987

    Download Submit
  • memory/1704-0-0x0000000008000000-0x000000000800A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1704-1-0x00000000004B0000-0x00000000004B6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1704-2-0x00000000004C0000-0x00000000004C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1704-9-0x00000000004B0000-0x00000000004B6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1704-14-0x0000000008000000-0x000000000800A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2684-16-0x0000000008000000-0x000000000800A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2684-18-0x0000000000480000-0x0000000000486000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2684-25-0x0000000000470000-0x0000000000476000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2684-26-0x0000000008000000-0x000000000800A000-memory.dmp
    Filesize

    40KB

    Download