Overview

overview

10

Static

static

10

2024-05-25...er.exe

windows7-x64

9

2024-05-25...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/05/2024, 06:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-25_9f3249c398292307a82aeba21cef7752_cryptolocker.exe

  • Size

    73KB

  • MD5

    9f3249c398292307a82aeba21cef7752

  • SHA1

    4264833a05a696f2e22fb1d5d0908153db252c23

  • SHA256

    4d87d962758316e5b011dbbb9007bd2144583a529760397c5dd8e58a4b585c04

  • SHA512

    4745c67a4f6c13199618af43ea744e15882049d96572379b194613a4bebfa5006e87bc077fde67db1d3c7b7110bc34082c429b469c418b695fe92833a6835169

  • SSDEEP

    768:u6LsoEEeegiZPvEhHSG+gZgtOOtEvwDpjeY10Y/YMsF:u6QFElP6n+gWMOtEvwDpjJGYQbF

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-25_9f3249c398292307a82aeba21cef7752_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-25_9f3249c398292307a82aeba21cef7752_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4628

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          74KB

          MD5

          77455aa31d6ff43a5c1278a538ce7bee

          SHA1

          9a4129ef41c45a3f5b4ef1af55d2c0fcbbeaf2be

          SHA256

          84240dc62feca2911d56c9d0fcb168a7edb44ddf8fdd438725475c6936b3c889

          SHA512

          44ef6938f770c5f0d5a5e222b5972a08a8ae5ecfa9cfd4852ce0210532e59aaa10aac1107be4b50bbcf8f55efb18d8be91b86856237af609da090ab6f545dbd5

          Download Submit

        • memory/1468-0-0x0000000000520000-0x0000000000526000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1468-1-0x0000000000520000-0x0000000000526000-memory.dmp

          Filesize

          24KB

          Download

        • memory/1468-2-0x0000000000680000-0x0000000000686000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4628-23-0x00000000004E0000-0x00000000004E6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4628-17-0x0000000000660000-0x0000000000666000-memory.dmp

          Filesize

          24KB

          Download