Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-06-2024 04:36
General
-
Target
2024-06-20_de745a42217582caaa7267f115bcf8a6_cryptolocker.exe
-
Size
47KB
-
MD5
de745a42217582caaa7267f115bcf8a6
-
SHA1
1e07ff3d3c16b4e67c529f83ded621196b5aee30
-
SHA256
928f83de46df937c6b26891af77b3fe88b351aab6f5c3580e3caf8f1dc8571d8
-
SHA512
b28f8415c347bf56f550ca345c4f1b508c027892d5cc10d5bf531d347784a066128470cd10a898461f6b6c6c72ffccc1c4803ebaaada6cc6db63a0f89e61d733
-
SSDEEP
768:y6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpjbXOQ69zbjlAAX5e9zrU:y6QFElP6n+gMQMOtEvwDpjbizbR9Xwz4
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Detection of Cryptolocker Samples 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-20_de745a42217582caaa7267f115bcf8a6_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-20_de745a42217582caaa7267f115bcf8a6_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
47KB
MD510658c1fe33276ba8d61ab97cb086841
SHA116a9e7abc11fd70c5b638b59680515b071a3e153
SHA256ff9054c3aa77e96998f1c51c082fb230e254881c1d25b844b701dc3ed7c0dd89
SHA5129bc48ffb3e9bf94664861ec576e23719b772cbbe7c6818a6a273b50897ff6735d986f7eafcda52f7944ccc027a82b00a08daaee9338071df8dd09d31a979be85
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB