Overview

overview

7

Static

static

3

2024-09-13...er.exe

windows7-x64

7

2024-09-13...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-13_44194339f532639cc3f2ae9e03e881ea_cryptolocker.exe

  • Size

    44KB

  • MD5

    44194339f532639cc3f2ae9e03e881ea

  • SHA1

    ba2dca6d58660a01f5c956e39d31c7e645c3361c

  • SHA256

    161391d492668507ce3aa92e75741c5fb6c6d92a2f875008a676067d4a61dcb0

  • SHA512

    cc28c8852f7bad46c9ccb3bd8ffebd04f121c1425d6f5eae098147ea8526e391bd765b24de7f921413c9a5f92d3749bbfbe2963dff3617b604f2351e4705b461

  • SSDEEP

    768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6WaJIOc+UPPEkL7vF1TE:YGzl5wjRQBBOsP1QMOtEvwDpjgarrkLE

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-13_44194339f532639cc3f2ae9e03e881ea_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-13_44194339f532639cc3f2ae9e03e881ea_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    44KB

    MD5

    b9dcf07407c4ee016badc7f4eeca79b9

    SHA1

    f4efb53300e857fc9db3862ebfcec28baf66cf5e

    SHA256

    07133352398897356fab967debf34f95cffb340f636b8b4b04b48779eef38ed0

    SHA512

    d16d778a7fde26aaff2f83d7f40427386820c66ff1b2f2da0e9f372669fbead31a4eef43f1784dc55324a52552fb0a5951f1624fb1920fe3abb90ff48ba7b1c6

    Download Submit

  • memory/2204-0-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2204-2-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2204-1-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2204-9-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2204-15-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2648-24-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2648-17-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2648-25-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download