Overview

overview

10

Static

static

10

2024-05-24...er.exe

windows7-x64

9

2024-05-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 04:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-24_cec85a4101a8e7156c508e70d19a3be9_cryptolocker.exe

  • Size

    41KB

  • MD5

    cec85a4101a8e7156c508e70d19a3be9

  • SHA1

    7390fb97f9f17996f94e0bdbda2888af145c6773

  • SHA256

    a79f26939b0725d03b861cc7ff1e585787de02d85cf1fb6bbcfd0cd17967a2d0

  • SHA512

    850b98e9ce6a2d5dba8f188362c62b518a121213382773a9051c214174a0c6ea1bc3e0b782eae3ddbd2d198c7faee3d87821aa622e0b196aff1ccd4c023f315c

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/QtOOtEvwDpjBaac4HK/wSvuQTCyD/95f:X6QFElP6n+gJQMOtEvwDpjBsYK/fbDFh

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-24_cec85a4101a8e7156c508e70d19a3be9_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-24_cec85a4101a8e7156c508e70d19a3be9_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4268
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    42KB

    MD5

    fff9fbddd27152e1d5cb3f4557f93a51

    SHA1

    054bec6abccd0b7281acc04b8c11f57307011594

    SHA256

    961d8ee0775c8407604b88ba9ab4bf987e3de961c4c8cf3f64586978d58259d6

    SHA512

    db4c1ad9b3c6f12a97a47f23ec31c2fda1aaf45f03f566cc4c47e2c42b140963eef77ac3cf480f7add62ccd672ad610160eab6aeb4646546fb77e87a0f8cbb38

    Download Submit

  • memory/4268-0-0x00000000007B0000-0x00000000007B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4268-1-0x00000000007D0000-0x00000000007D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4268-8-0x00000000007B0000-0x00000000007B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4600-23-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4600-17-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download