Overview

overview

10

Static

static

10

2024-06-12...er.exe

windows7-x64

9

2024-06-12...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-12_a7bd4e0b80698d83c21dbb347770b0be_cryptolocker.exe

  • Size

    77KB

  • MD5

    a7bd4e0b80698d83c21dbb347770b0be

  • SHA1

    29a1a8ff8dfbc838eda07938581ed1e06def650b

  • SHA256

    4464116caef6ed71e0756a8dffa8326a95c8a36145f2d34b03206d39bfe07840

  • SHA512

    c6bccd895805950858e4026b61417c643f4042184c1f3b050b8196517e9bbb79fd6555944791e930c674a52d7164b9c3f82eb9bba9e58c4eac7fca3e4f77b219

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1sim:X6a+SOtEvwDpjBZYvQd2A

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-12_a7bd4e0b80698d83c21dbb347770b0be_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-12_a7bd4e0b80698d83c21dbb347770b0be_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:4604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    77KB

    MD5

    b95e5cd86eb908afe541a5d909bf38e7

    SHA1

    3fd4e464fc5431f6fc23cea0659746edc1876983

    SHA256

    d75537283b26bcd0a13762393c40d2e957617ccb832ad1bac0ee71537a22017a

    SHA512

    ae66a2679a1ea49464f25e24312e7fd1ee0d420665909e85691524403b138125d58a058b31dbe6f394db53a3f16e7e66c35acaa7da76a1b41122213cfb32b2e8

    Download Submit

  • memory/1384-0-0x0000000000630000-0x0000000000636000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1384-2-0x0000000000660000-0x0000000000666000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1384-8-0x0000000000630000-0x0000000000636000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4604-17-0x00000000006E0000-0x00000000006E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4604-23-0x0000000000670000-0x0000000000676000-memory.dmp

    Filesize

    24KB

    Download