Overview

overview

7

Static

static

3

2024-09-07...er.exe

windows7-x64

7

2024-09-07...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-07_8d80bf803c941929d6cb82599cc0e59d_cryptolocker.exe

  • Size

    53KB

  • MD5

    8d80bf803c941929d6cb82599cc0e59d

  • SHA1

    56d5ce3034f22d94a93b510158046843f9e3c221

  • SHA256

    03f007cc90b73413af191aa50123570b21e21ec7ac1fb2ec4737e8eddf465bb8

  • SHA512

    09451cff5686decc0951f9de38e23845c505f24a53b9232bf6255ed2485e8643088ccb4f02fa8f2ac464ff5941d111cdb76a911c71568143c50de826e22c18c1

  • SSDEEP

    768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vxmlcaTYa:X6QFElP6n+gJBMOtEvwDpjBtExmlka

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-07_8d80bf803c941929d6cb82599cc0e59d_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-07_8d80bf803c941929d6cb82599cc0e59d_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    53KB

    MD5

    28762b10887d540267aa1f71bb415e18

    SHA1

    b656c1643ddbf071340ba9498920c648a5794273

    SHA256

    89dbb061fa2fdffe0bd177e1eea6e95c2a368863e01e9349f83e971d52328ea4

    SHA512

    2e2491de1c7ab9ce33e4eaa3183d64286cb3a75215606c6c102b34d089de8dbbea4784412cf005cd17ce260999060f9ca74f9e379bfd049d5d7161f72e1d9873

    Download Submit

  • memory/964-0-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/964-8-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/964-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2584-15-0x0000000000460000-0x0000000000466000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2584-22-0x0000000000420000-0x0000000000426000-memory.dmp

    Filesize

    24KB

    Download