Overview

overview

10

Static

static

10

2024-06-09...er.exe

windows7-x64

9

2024-06-09...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-06-2024 03:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-09_f04a84c03a201bb5e3c5c6a039e4f3c5_cryptolocker.exe

  • Size

    50KB

  • MD5

    f04a84c03a201bb5e3c5c6a039e4f3c5

  • SHA1

    bf786d5826775bc966e98933b313ce9c99b0ce0d

  • SHA256

    15d799f4d08ad4ea32db3a9342d6cd2479dc7102ce6eebe2213906af2e4246fc

  • SHA512

    e4bd22e7d505e2db9969264972ed8b7fe1d21589a126314d58bee9e88770edfe2e45bf84ffa63f56bea53573a0d201f20b1669c21bc22aa5a29644c4508e0486

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vdXfj:X6QFElP6n+gJBMOtEvwDpjBtEdXfj

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-09_f04a84c03a201bb5e3c5c6a039e4f3c5_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-09_f04a84c03a201bb5e3c5c6a039e4f3c5_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    50KB

    MD5

    f503e13b4569dfda3994f09e5b5e10ea

    SHA1

    eace9a163deb30251b589112624d53c6cfda36d8

    SHA256

    749c0590f97d26286508e52c377c1923ea7f694961886e02ade3c7e2d4e69d84

    SHA512

    531351ca97c553a6b415a6b59110daefa37265a3a0932d7e09909a8eda21fa51c1e43659a917445ef39b14255cad243a112302a866fe81963d3391ca45069d8a

    Download Submit

  • memory/4212-17-0x00000000004F0000-0x00000000004F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4212-23-0x00000000004D0000-0x00000000004D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4556-0-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4556-1-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4556-8-0x00000000006B0000-0x00000000006B6000-memory.dmp

    Filesize

    24KB

    Download