Overview

overview

10

Static

static

10

2024-05-22...er.exe

windows7-x64

9

2024-05-22...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_3f31ee8ad8da4b9ad77aca3bdc43e50a_cryptolocker.exe

  • Size

    97KB

  • MD5

    3f31ee8ad8da4b9ad77aca3bdc43e50a

  • SHA1

    786dee5b0aab2e731bdd6ed07c78bcc345a36e79

  • SHA256

    a4f26a6d972545b039a5db14641024117369b275a42ded73854706d73ba6dd23

  • SHA512

    410735b5dc78f2de07bb2759c10158b7fc91bf53a1df4c7512e3aee4ef767458c11f7de828464bf5e833ac3b41d0f84718b6c982683b9165e82a622c5f8658d4

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjQGYQbN/PKwNgp0A:V6a+pOtEvwDpjtzo

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_3f31ee8ad8da4b9ad77aca3bdc43e50a_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_3f31ee8ad8da4b9ad77aca3bdc43e50a_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2032

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    97KB

    MD5

    9c15121070bfe18bbb6971900b3e57a5

    SHA1

    8024d61d17f64ff464962689b2f5cd4cf792bb9e

    SHA256

    57c3c6eb05a9cdf06f523fd14b2499d4a0c77d3fb9a9c8e88c44fc9c560c93cb

    SHA512

    e1dcda6c2be56972093d2517e04d237bcca54214bba1aa7a4b0021eeefb72bafd5f452dd49dfb2f900f7103a2156f04d534da2e1038bd4f7f3e4b3b737f400ae

    Download Submit
  • memory/1652-1-0x0000000000300000-0x0000000000306000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1652-0-0x00000000002C0000-0x00000000002C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/1652-8-0x00000000002C0000-0x00000000002C6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/2032-15-0x0000000000310000-0x0000000000316000-memory.dmp
    Filesize

    24KB

    Download