Overview

overview

7

Static

static

3

2024-09-15...er.exe

windows7-x64

7

2024-09-15...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2024 10:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-09-15_0d036eb2f515450d5c5a99d3d2133c8b_cryptolocker.exe

  • Size

    45KB

  • MD5

    0d036eb2f515450d5c5a99d3d2133c8b

  • SHA1

    a96dd43babe1bcc7c13b943becc8e66b0cb3e523

  • SHA256

    4537c8a1acdde8200b63f73e837bd03d67c6bfefa71f1318a6f6a9342b78686f

  • SHA512

    71086a16ff1b9857bbcbd1fb9f923bff200fe2b81316afb62ba464c6459385456dfc21cf1447a5f2dfc8ad5574b0fd131b0484bc552f21701c4325a7a838ae84

  • SSDEEP

    768:P6LsoEEeegiZPvEhHS5+Mh/QtOOtEvwDpjBpaD3TUogs/VXpAP+o:P6QFElP6k+MRQMOtEvwDpjBQpVXO

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-15_0d036eb2f515450d5c5a99d3d2133c8b_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-15_0d036eb2f515450d5c5a99d3d2133c8b_cryptolocker.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize

    46KB

    MD5

    c095b338381d977704f021aa840d1b6c

    SHA1

    3a26ab952232d3360c2b0c2d15c695ed1ecbe060

    SHA256

    bbf03cfb2c7ac7ad9248c2ba52bd8721b9f141ad9e2d088e0ecd55b08db18191

    SHA512

    d08ba67c1851d4da126411ff6c8dd006ef349a64c1be8e486715d7256b07369559ed61099684663a409d4aeb32aeed1fd06d8a6a2daec96299e863e8e92fa92a

    Download Submit

  • memory/1632-15-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1632-24-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1632-17-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1632-25-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2688-1-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2688-0-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2688-9-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2688-8-0x0000000000500000-0x000000000050B000-memory.dmp

    Filesize

    44KB

    Download