Overview

overview

7

Static

static

7

2024-09-15...er.exe

windows7-x64

7

2024-09-15...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/09/2024, 06:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-15_cc40cdd329d4e1ce31b7d4bd212832c1_cryptolocker.exe

  • Size

    53KB

  • MD5

    cc40cdd329d4e1ce31b7d4bd212832c1

  • SHA1

    fbcd5c8d3adb2a334d0b00d6f78f91aa5f0defab

  • SHA256

    18aaed27cd118f900e4c1e5b24fbe75551a1730ce9447a13477f595a2e03a129

  • SHA512

    3560c56be37d1f007926a7426b41f7f591d21a1e8421fd2bd0e2625630ca9865455246878853f90d150a4ed4f1ae8708ad12a3b4ebea472ceb0d3103ba971f64

  • SSDEEP

    768:z6LsoEEeegiZPvEhHSG+gzum/kLyMro2GtOOtEvwDpj/YY1J+OTOm8:z6QFElP6n+gKmddpMOtEvwDpj31im8

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-15_cc40cdd329d4e1ce31b7d4bd212832c1_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-15_cc40cdd329d4e1ce31b7d4bd212832c1_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3916
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2776

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\asih.exe
          Filesize

          54KB

          MD5

          c5523ef0ff34b2e4086491e6f8de2b6f

          SHA1

          03110f536ab9decbefab7bd63941fa73cae24555

          SHA256

          44445c020d442b0e937565abe2c177616fa38c0e365e7c4ca6dcbb9ecd05e786

          SHA512

          74ca36420cc84155cd2027dc633fa0f869663af84e9a1f10952d827caf502a6eaea1ff0c0a0a21c416cfe3620ccd3b19350680728f4b32ee2255613d1c5aad09

          Download Submit

        • memory/2776-19-0x00000000020F0000-0x00000000020F6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2776-25-0x0000000000730000-0x0000000000736000-memory.dmp

          Filesize

          24KB

          Download

        • memory/2776-26-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3916-0-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3916-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3916-2-0x00000000006A0000-0x00000000006A6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3916-3-0x00000000007D0000-0x00000000007D6000-memory.dmp

          Filesize

          24KB

          Download

        • memory/3916-17-0x0000000000500000-0x0000000000510000-memory.dmp

          Filesize

          64KB

          Download