Overview

overview

10

Static

static

10

2024-06-04...er.exe

windows7-x64

9

2024-06-04...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/06/2024, 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-04_e649cb60a70b0b9e35fca67f3b08d2a2_cryptolocker.exe

  • Size

    47KB

  • MD5

    e649cb60a70b0b9e35fca67f3b08d2a2

  • SHA1

    3fe935edccbf80cc4893c858503d912f7a5a6a7d

  • SHA256

    920e364e1b8a7ef7dcedb26c2c44a1271118ea6b09c9e4c3cb9e58f4888de72a

  • SHA512

    fb74e27a28fb62d990d754a95b15bf04fc680a1bde065da428fc3ede12d65da076aa9281bd45ac16cb4eb58f356b664918a5910e8a588a1091b7f2489945789a

  • SSDEEP

    768:79inqyNR/QtOOtEvwDpjBKccJVODvy3mo:79mqyNhQMOtEvwDpjBzckqmo

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 4 IoCs
  • Detection of Cryptolocker Samples 4 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-04_e649cb60a70b0b9e35fca67f3b08d2a2_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-04_e649cb60a70b0b9e35fca67f3b08d2a2_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    48KB

    MD5

    ed99b507aff836aa2796cb764df3e484

    SHA1

    2e4ed29a289341ba1ca20106fe19ad7504ea4e04

    SHA256

    03f771d4745a45e02b7c249ae273944d8c5eacb24255f48cd35c2afa0a842871

    SHA512

    c4b7f0c1314c00f7bc6ab18b0fd888709ab84d6aed1ad9fee68773fedd30aa0337887f899cdc0891578e17c815a3e7b222fec99f5c0a701f445f93be49140ea3

    Download Submit

  • memory/1072-0-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1072-1-0x00000000021E0000-0x00000000021E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1072-2-0x00000000021E0000-0x00000000021E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1072-3-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1072-18-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4628-17-0x0000000000500000-0x000000000050F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/4628-20-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4628-26-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download