Overview

overview

10

Static

static

10

2024-05-24...er.exe

windows7-x64

9

2024-05-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-24_4cb60fb1184f33ab7cf7fe71a94baba2_cryptolocker.exe

  • Size

    74KB

  • MD5

    4cb60fb1184f33ab7cf7fe71a94baba2

  • SHA1

    ac4d4f957b28db5be807a09e747bb194912f4750

  • SHA256

    0d2c17730f46e96cfccfaae6e9482274659350e10fd3e3970eee6a0f02ffd6dc

  • SHA512

    496d051c1b77d5a72a57030c27a73ec01c6edbb29d8fd05e7347cccf253746fa035ee63b8e368df63b001d7397d317adda0ad68a36ecf62ebaf29c68bf107146

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1svra:X6a+SOtEvwDpjBZYvQd28e

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-24_4cb60fb1184f33ab7cf7fe71a94baba2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-24_4cb60fb1184f33ab7cf7fe71a94baba2_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    74KB

    MD5

    292dd99514cb02276c2fea9dd62b1d66

    SHA1

    8e15855443c095430d740aa9d6ba0959172089da

    SHA256

    2c0392cce23c36e70c4cd454d1557dda5aa99c63e5fda9d5ab77537b484829f6

    SHA512

    88a9fc234d32f7e042d95b95f7e2c4aeb2caa8728c6c5bae21527d14e0aaf32509c6c27564c51db20b4079db15d53e1eb7121b93df0ccf11777eb10a6f22ebae

    Download Submit

  • memory/2884-15-0x0000000000370000-0x0000000000376000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2884-22-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3008-0-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3008-1-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3008-8-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

    Download