Overview

overview

10

Static

static

10

2024-05-24...er.exe

windows7-x64

9

2024-05-24...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-05-2024 04:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-24_f8ef4baf244e2bbb603a6551ec7474d4_cryptolocker.exe

  • Size

    49KB

  • MD5

    f8ef4baf244e2bbb603a6551ec7474d4

  • SHA1

    62550d1d1d111ece9d574dcbd5ac212c9503a719

  • SHA256

    0cc307570b8f42ff05ec78a35c7b3239da4921385c61a7e47f1b3ec3ab791106

  • SHA512

    5ba873dbbd00c73727091efa050f758a3745eb5aaad0cddf394574f660d6dc7ec98b586243168ca5f05d8e522b63331c30edf1209d98b563286eda18c8e7a623

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vdXfj:X6QFElP6n+gJBMOtEvwDpjBtEdXfj

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-24_f8ef4baf244e2bbb603a6551ec7474d4_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-24_f8ef4baf244e2bbb603a6551ec7474d4_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:1076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    49KB

    MD5

    20ae71c7ae1e4c695ec0bc99c46aa46c

    SHA1

    ada311c8693da5ba2b6bbeac8adef3d1a4473482

    SHA256

    14be72d61e7118341968abe840839585facfd1b65c0df320b0417e84d4c2ed45

    SHA512

    4c6f86e2e9e4ea2bf94af8d80cc2741331babf96c7d39a0dd24767f3aced4d1e3b87a86fb66af78a6852bb3bb54d1da818905bc252bb9660c1ea63de75a5e5ca

    Download Submit

  • memory/804-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/804-1-0x00000000020F0000-0x00000000020F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/804-8-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1076-17-0x0000000001F50000-0x0000000001F56000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1076-18-0x0000000001F70000-0x0000000001F76000-memory.dmp

    Filesize

    24KB

    Download