Overview

overview

10

Static

static

10

2024-06-04...er.exe

windows7-x64

9

2024-06-04...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2024, 04:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-04_691a3407bfb954dda57116fb249e6d55_cryptolocker.exe

  • Size

    46KB

  • MD5

    691a3407bfb954dda57116fb249e6d55

  • SHA1

    1c72e28eb7f837f5529d911e3162218b1ed40089

  • SHA256

    4ac155fccc0dfb1c73b1ca285b0d99ff5d16b8dfd72f6c378b4431164d0a10a1

  • SHA512

    edd21e6bd6eb4af2ad7e502ccbbc78d1e6f2d14cf17d8c8abf1e521cb84bd2ad67dda382bba7f76b19970b4fe87258b308b59329b6ab1e276b11f4cd1d1c8a8d

  • SSDEEP

    768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAPO:P6QFElP6k+MRQMOtEvwDpjBQpVXL

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 5 IoCs
  • Detection of Cryptolocker Samples 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-04_691a3407bfb954dda57116fb249e6d55_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-04_691a3407bfb954dda57116fb249e6d55_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    46KB

    MD5

    70c56a364825cb669eb75fbb50b92bec

    SHA1

    111dff09d72ba1108760cd88963f2bf89051d4a5

    SHA256

    fd420f6dff95734864f0c4ffa220eb3c73678b4de2defe214e1e71d9984f6e42

    SHA512

    b92ecda09561d1baa82acfe9dc03295a4a6d104b36683fea768f938a3f864140040d56e3bfe7d80bf1a0642432e65a7a76d7f1d10d0c25c8a70366e0d9163725

    Download Submit

  • memory/1632-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1632-1-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1632-2-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1632-9-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1632-15-0x0000000002270000-0x000000000227B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1632-16-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2748-25-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2748-18-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2748-26-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download