Overview

overview

10

Static

static

10

2024-05-28...er.exe

windows7-x64

9

2024-05-28...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-28_df02da677df4b7ce2112c435a8684911_cryptolocker.exe

  • Size

    37KB

  • MD5

    df02da677df4b7ce2112c435a8684911

  • SHA1

    a44aa05a6be02476fd1e743a6fb915da45aa3ce1

  • SHA256

    897aa73a3a5470df4e86510b3006248932d76d16eb2a42f1629fc62d00a78c6c

  • SHA512

    cfa125a4e7c4ed041dd1c6ab9b000aaa03c90c99774e69a20d1b2e2ea2706a9104a54c1591cd98ace7225484006ab19b86b10cf31f648b828a9b0e1b9889ff98

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4Xt9bRU6zA6o36mrA:bc/y2lLRU6zA6qc

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-28_df02da677df4b7ce2112c435a8684911_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-28_df02da677df4b7ce2112c435a8684911_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    38KB

    MD5

    e5569a333732bb6d431ec92a3406562f

    SHA1

    322244479a61dc9e933ad606182a2a1b818a9553

    SHA256

    b4e3746facc9ae13183c32773cd594f7119e4911cf7a852e224d68b23773751f

    SHA512

    015645cde77a11fa2d99fc46d78fc1797a920def805c03cd637823c6071151bccee8ab25ad348cf7f1cc4813f80f45105e3b34d9f1932d84876894d17f9f8cb7

    Download Submit

  • memory/2800-23-0x0000000000370000-0x0000000000376000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2956-0-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2956-8-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2956-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download