Overview

overview

10

Static

static

10

2024-06-10...er.exe

windows7-x64

9

2024-06-10...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 08:02

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-10_edf633e6fe26dc656576442404b1d718_cryptolocker.exe

  • Size

    54KB

  • MD5

    edf633e6fe26dc656576442404b1d718

  • SHA1

    4db73e0b8ac4726c6ec962b74ac60fdb569cee64

  • SHA256

    2023e3170a42e97b26a9966ebd48b69f4f61c2d4836c600b75b11aa55b5f39cc

  • SHA512

    8dd7548858b6cdd7fa2e1dee3bd604cd967bc99a3c9dd2e31df4392ff8f989cef62361aaf5d5beab922660bcd61db43bcc8f2256dc2903c527ed0d8a7883f73c

  • SSDEEP

    1536:V6QFElP6n+gMQMOtEvwDpjeJQ7pojaklPsL:V6a+pOtEvwDpjP

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-10_edf633e6fe26dc656576442404b1d718_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-10_edf633e6fe26dc656576442404b1d718_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:6060
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4140

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          54KB

          MD5

          0838132a053f50237ed921471fb0c843

          SHA1

          f63c4e5f5744acf28921a280bdca19e338b2cec8

          SHA256

          958de78a0913fd3854841f1a0738c9d722c608055bf15982bcb2c9e6e34d0670

          SHA512

          8838429f09773d0c21622b282ae39f927eeb519dc2c53d4fbf3dfe38f04cbd69a1faf3f1ec5a41938e314aefb9160aa34234c6fdf27d12267c7d140a3be2c77c

          Download Submit

        • memory/4140-17-0x00000000004D0000-0x00000000004D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/4140-18-0x00000000004F0000-0x00000000004F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/6060-0-0x0000000001FD0000-0x0000000001FD6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/6060-2-0x0000000002000000-0x0000000002006000-memory.dmp

          Filesize

          24KB

          Download

        • memory/6060-8-0x0000000001FD0000-0x0000000001FD6000-memory.dmp

          Filesize

          24KB

          Download