Overview

overview

10

Static

static

10

2024-05-29...er.exe

windows7-x64

9

2024-05-29...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2024, 19:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-29_c5278d5c9c6cdcead4228036a2440417_cryptolocker.exe

  • Size

    39KB

  • MD5

    c5278d5c9c6cdcead4228036a2440417

  • SHA1

    de354ea0b95a47c97835602f8a06ade891714f35

  • SHA256

    b81219f79045531ab623cd9b2095182f5e2eebc953bb0a05cb38dfb42dfa5cdd

  • SHA512

    109c9822e064e072eb3cb56f3ee04623fc705fec770720526d01852b6d73bc14fccf5e786c525b139afdbb141f0aaf2a53e8bca8d07a22c417fd6e46c558c6f9

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4Xt9bRU6zA6o36m+7I:bc/y2lLRU6zA6qP

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_c5278d5c9c6cdcead4228036a2440417_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_c5278d5c9c6cdcead4228036a2440417_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    39KB

    MD5

    5a9ebe5b4e743c6bfb3e36b6a1a40651

    SHA1

    275446aec46690c8ef7722f016306edd1fe8eb1d

    SHA256

    fea83699c8bf2c949d783e150eb2e1cb34503c829fe75cc5296b0d3ffefdda1d

    SHA512

    bdf3a03f9aa2a2b3bd915a85d7993e084599a9d922880085907c096f694efac05e3b1cd53cb986c7376d3b66052ed637ff6a8f9216d2d2ecc2a4754d4f012bd0

    Download Submit

  • memory/2592-23-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2936-0-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2936-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2936-8-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download