Overview

overview

10

Static

static

10

2024-06-11...er.exe

windows7-x64

9

2024-06-11...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-06-2024 09:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-11_d2a6b2e74c3fd3975c0e209eb265418d_cryptolocker.exe

  • Size

    74KB

  • MD5

    d2a6b2e74c3fd3975c0e209eb265418d

  • SHA1

    985c37c1ce4d3fc15c6e56619a4083566dc2aa58

  • SHA256

    d2771c975f7477fce33e8d2090dd599aa5f60d0f2c2baf17789aafa61a1b46b7

  • SHA512

    3f42cd3ff9c504c10ffe3be5c6d37e18d1f9af918b73788c738d760f2fc659ce48ef48e3bfa9f4f4849571b653b0870c613f817a5a43b0bdc5bfc6d442485653

  • SSDEEP

    768:u6LsoEEeegiZPvEhHSG+gZgtOOtEvwDpjeY10Y/YMsP3:u6QFElP6n+gWMOtEvwDpjJGYQb/

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-11_d2a6b2e74c3fd3975c0e209eb265418d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-11_d2a6b2e74c3fd3975c0e209eb265418d_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    74KB

    MD5

    5755e65d9d561a8794e766ab3f94dab8

    SHA1

    90c831fb5f2be76a16217258b91bf7bd36b7fece

    SHA256

    6d7f61d0a30dd244ee3e790ccc6d0575560578d34f3d1b21a45285e19d4ec465

    SHA512

    dee5d8f898fda54bdf3299273130c9b7235551d53d2da1c01f9170476c8306d9a5dbc1354d72bb312666ea4a09ddbdc8d3cb83e0380c9baf41e441c990088b73

    Download Submit

  • memory/1940-0-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1940-1-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1940-8-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2964-15-0x0000000000340000-0x0000000000346000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2964-22-0x0000000000300000-0x0000000000306000-memory.dmp

    Filesize

    24KB

    Download