Overview

overview

10

Static

static

10

2024-06-30...er.exe

windows7-x64

9

2024-06-30...er.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/06/2024, 00:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-30_7a4fdbb13c66da86c2308f753d70ecf0_cryptolocker.exe

  • Size

    78KB

  • MD5

    7a4fdbb13c66da86c2308f753d70ecf0

  • SHA1

    1341605a37ce997c03c102024cd41f58d5a0be03

  • SHA256

    af9cb155fde17b6540e2f75c6db9aa5f77ad874767e2ea9f95e54c6330f09925

  • SHA512

    b178abeb9a411ffaa0d4c6a62d94e80dac4b32f5c076e1aebbc6ae5d585123cc13500f8fd975be7a1bfe37aa068a94f201c029c012d15d7d93c22e5877cb7d2d

  • SSDEEP

    1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1rHsoLkt4:X6a+SOtEvwDpjBZYvQd2d

Score
9/10

Malware Config

Signatures

  • Detection of CryptoLocker Variants 1 IoCs
  • Detection of Cryptolocker Samples 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-30_7a4fdbb13c66da86c2308f753d70ecf0_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-30_7a4fdbb13c66da86c2308f753d70ecf0_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      PID:576

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          79KB

          MD5

          f6fe3ebcb8f6f375768ef4eb47c089da

          SHA1

          f4e4535e6002235241f93e18f41e885c8f3e72f9

          SHA256

          9d759d935046a4ef64dd0ae4af747258cc0252aa1a69fec656e7c1ec69c4f82b

          SHA512

          8bfdd463ce67096fe8865b84ffe9a9ae731deb80ae0a9b010ccc1f857c101e26c2f6a9f0421803d0fa07b36433a79ae314fb39b6517d3d8b232cccbf81fa1df4

          Download Submit

        • memory/576-17-0x0000000000650000-0x0000000000656000-memory.dmp

          Filesize

          24KB

          Download

        • memory/576-23-0x0000000000630000-0x0000000000636000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2852-0-0x00000000021D0000-0x00000000021D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2852-1-0x0000000002070000-0x0000000002076000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2852-8-0x00000000021D0000-0x00000000021D6000-memory.dmp

          Filesize

          24KB

          Download