Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 04:26

General

  • Target

    2024-09-19_4e64ff142ee53bd24fad933afa321264_cryptolocker.exe

  • Size

    80KB

  • MD5

    4e64ff142ee53bd24fad933afa321264

  • SHA1

    1a9ba4140e6f9c0096946dae5661fda50cea833f

  • SHA256

    7f4f34e0480c423eb2625e926dc5186fa96aaf28c91c650ff323ed63948ca76b

  • SHA512

    bf754163e3314882b618a2a3a9c1066cfd21a116e1836b7c1b8ca1673412dbe162ce58adcbbaf25336988827a55f7241d918c5e4e124e4757ca146d23c16b140

  • SSDEEP

    768:V6LsoEEeegiZPvEhHSG+gDYQtOOtEvwDpj/MLa5VccPtNw5CS95yFPFHi:V6QFElP6n+gMQMOtEvwDpjyaLccVNlG

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-19_4e64ff142ee53bd24fad933afa321264_cryptolocker.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-19_4e64ff142ee53bd24fad933afa321264_cryptolocker.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Users\Admin\AppData\Local\Temp\asih.exe
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4084

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\asih.exe

    Filesize

    80KB

    MD5

    c85d6f904b426624cf5bcd6559ad4f3c

    SHA1

    93a83b96d6bc84f6a9d2637b7fb069fe7b058706

    SHA256

    06f5d6dee74e4beeec95b31c69509fd8174a75ad4042b8afbf86910fabb32fcb

    SHA512

    793b10202c579a1c317492329d86a46aad5bb7d43379646b26ca8d0967b3076b21827ec30a96dcd16177cda148fedefb1e905a33e3a86de316e5766df72f7cb2

  • memory/4084-17-0x00000000005E0000-0x00000000005E6000-memory.dmp

    Filesize

    24KB

  • memory/4084-18-0x00000000005B0000-0x00000000005B6000-memory.dmp

    Filesize

    24KB

  • memory/4912-0-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

  • memory/4912-1-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

  • memory/4912-2-0x0000000000810000-0x0000000000816000-memory.dmp

    Filesize

    24KB