Overview

overview

10

Static

static

10

2024-06-08...er.exe

windows7-x64

9

2024-06-08...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    08/06/2024, 02:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-08_55ceb264a4c7eff4a4dd30bfc0b7bf85_cryptolocker.exe

  • Size

    56KB

  • MD5

    55ceb264a4c7eff4a4dd30bfc0b7bf85

  • SHA1

    7b13f9aec1c1a9cbe998dee5f45807cb243cbb2e

  • SHA256

    4cb9ad14ef79564bf39906905c503294cd7c564bdccc824037c7b2a3886089fe

  • SHA512

    eec67dbc9ea254ba0a1b8c5c820df9865b325ce3fdcf53d855124c111a0fea371ef612a531ca5b458f8c9bda638101d5a02c7f856a896d5b998b84c359e4d2a1

  • SSDEEP

    768:b7o/2n1TCraU6GD1a4Xcn62tH/1/Lp17zJIfeVEuUr6Wxc:bc/y2lm6iH/NLp17zrV98G

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_55ceb264a4c7eff4a4dd30bfc0b7bf85_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_55ceb264a4c7eff4a4dd30bfc0b7bf85_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\rewok.exe
      "C:\Users\Admin\AppData\Local\Temp\rewok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\rewok.exe
    Filesize

    56KB

    MD5

    5a71cc93de3461d90879fcf30821ddd3

    SHA1

    286dc5372df1701a61d27bc264f9f7dd1c5a4cef

    SHA256

    092bc8bcb44f53a561f9c93cd0cd75005733ef5890a03bd583b869c710ff883a

    SHA512

    c76eb1fb254e74a9cf6d67c25b5ee7ed27ab47b605716d37bcbb5b532acb8f753699454eeabc0c678587a15212347a31a4d7b6e84e35843f0a0238afbf0d3f5a

    Download Submit

  • memory/2296-8-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2296-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2296-0-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2608-23-0x0000000000390000-0x0000000000396000-memory.dmp

    Filesize

    24KB

    Download