Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_b44162a871b70379e7182cb36675f60c_cryptolocker.exe

  • Size

    64KB

  • MD5

    b44162a871b70379e7182cb36675f60c

  • SHA1

    16dbd9fa399b57b5bf877429a2ebd9e3b26d396e

  • SHA256

    7fa575c788ec719399c765550df333257e44d663938b3589fd665f64ab6fdd55

  • SHA512

    969d3792a8e6a27eb4732d2a9545c9551e831c523de396e64bb166043db9dbc451ffcd28882bf5b6e4ee5d3c5e865b40a3d52f66f71b50ca0a1630f912b0dce7

  • SSDEEP

    1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb61vSbgtsi1:BbdDmjr+OtEvwDpjM80

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 2 IoCs
  • UPX dump on OEP (original entry point) 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_b44162a871b70379e7182cb36675f60c_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_b44162a871b70379e7182cb36675f60c_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2016

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    65KB

    MD5

    e0af046042a405e45c3e88fd0332b70e

    SHA1

    466cb3698d1c23973504e587faf642134af5012c

    SHA256

    6848a19aa2d2e3ce2b7cfb76e0f600619c94ab5ed1110d44d39fcc07105682d5

    SHA512

    4185862b81f4082354124ddea7ad1d48620a4e78a0ec67e49ab980d0509cea4a371eb1645672eb88624cb056c127bde158d19d59711dc7ee4526ed77934977aa

    Download Submit
  • memory/1676-0-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1676-1-0x0000000000240000-0x0000000000246000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1676-2-0x0000000000240000-0x0000000000246000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1676-3-0x0000000000280000-0x0000000000286000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1676-12-0x00000000006A0000-0x00000000006B0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1676-17-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2016-27-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2016-26-0x0000000000290000-0x0000000000296000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2016-19-0x00000000002D0000-0x00000000002D6000-memory.dmp
    Filesize

    24KB

    Download