Analysis

  • max time kernel: 132s
  • max time network: 139s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 07-08-2024 01:08

General

  • Target: 2024-08-07_ba9f7c4c072dbef249cbeb09b1fe0feb_cryptolocker.exe
  • Size: 59KB
  • MD5: ba9f7c4c072dbef249cbeb09b1fe0feb
  • SHA1: 79f49df42d38dcd2ed4e440261ebe5c9568d78df
  • SHA256: bfa6c8a7e34b0b943880ccc6455932239754859233802738399bd3cdf99b6595
  • SHA512: ee9a3df8921f5c779b114a456fc1f0dbd50a16a2b573b95628cd5ac63fb0cff20293443e6e415342428192a7b6981bd89d79dd814a73b679bd3b9f0b8d238121
  • SSDEEP: 768:z6LsoEEeegiZPvEhHSG+gzum/kLyMro2GtOOtEvwDpj/YMLam5ax+NM:z6QFElP6n+gKmddpMOtEvwDpj9aYaj

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-07_ba9f7c4c072dbef249cbeb09b1fe0feb_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-07_ba9f7c4c072dbef249cbeb09b1fe0feb_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2016

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize: 59KB
    MD5: c6b8b6c674820d48cadc4770a03c2808
    SHA1: 977f725abb5412eb272e84072ce6e90c3f3512bc
    SHA256: ab9edb7e190073915764982ff6ffaaab84dcfbd5bfcba3913f195f61956dd009
    SHA512: e2e2847aed33be354e88a08b0000869a52e603f98c197575f2088fe4f8589b1e0b5c08700a293e33269ef85d7118492f8fee18207ececb420eb9c801f621ba07
  • memory/2016-16-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB
  • memory/2016-18-0x00000000005B0000-0x00000000005B6000-memory.dmp
    Filesize: 24KB
  • memory/2016-25-0x0000000000240000-0x0000000000246000-memory.dmp
    Filesize: 24KB
  • memory/2016-26-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB
  • memory/2984-0-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB
  • memory/2984-1-0x00000000001C0000-0x00000000001C6000-memory.dmp
    Filesize: 24KB
  • memory/2984-2-0x00000000001C0000-0x00000000001C6000-memory.dmp
    Filesize: 24KB
  • memory/2984-3-0x00000000003F0000-0x00000000003F6000-memory.dmp
    Filesize: 24KB
  • memory/2984-15-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB