Overview

overview

7

Static

static

3

2024052155...er.exe

windows7-x64

7

2024052155...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    202405215535790bed5f726d3020222a4907b59acryptolocker.exe

  • Size

    48KB

  • MD5

    5535790bed5f726d3020222a4907b59a

  • SHA1

    5fdba89f285ae35494497394a218124d7d207d89

  • SHA256

    68ffad18f738fda4c5d6820be2fef8418aa340e47d1f21ff332da48699882082

  • SHA512

    add93887f1454da8c004edff5c9452875c79df46a1f399a30c0b5b55285dbdbe5cd49431a97b0a5b3df42ba99699a5808a42343f5f4ca0b73637bbbd68d49186

  • SSDEEP

    768:P6LsoVEeegiZPvEhHSP+gp/QtOOtEvwDpjBBMLZdzuqpXsiE8Wq/DpkcI:P6Q0ElP6G+gJQMOtEvwDpjB8WMlfI

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\202405215535790bed5f726d3020222a4907b59acryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\202405215535790bed5f726d3020222a4907b59acryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    48KB

    MD5

    78a137438e122b10a6369c036f10c148

    SHA1

    d1885a42250a7ce4e341516090f448a4999526ed

    SHA256

    7c465fbd4bd4c595da054855436f4409f739dac12a283fdd30da62515826173e

    SHA512

    dd41fd71ed218dc6d20f77b3327d93d4c26e3390489f393a5422c493e0d2a754c4d961ecf9f67098dca2564cef337644771354829684159ba4d6abc61a7c9fa4

    Download Submit

  • memory/1068-18-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1068-21-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1068-26-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1068-27-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1692-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1692-1-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1692-2-0x0000000002040000-0x0000000002046000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1692-9-0x00000000021C0000-0x00000000021C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1692-17-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download