Analysis

  • max time kernel
    132s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    25/09/2024, 03:43

General

  • Target

    2024-09-25_a92526487c59ce4fc6393ef704be0397_cryptolocker.exe

  • Size

    53KB

  • MD5

    a92526487c59ce4fc6393ef704be0397

  • SHA1

    48333dda5736ef9ab80b8e18c7467ae198acbfa2

  • SHA256

    c7f164a5cddaae05998dfbd9bc26769c236db56717e985c509b469ed20b081a8

  • SHA512

    c8c8becff337be7eb737cd94ae7ad7ac19b4ee5cf04f2b0361c161e3865fcdf2e11cc23e1e3982a1e6b6687fe146ccf1b757bbc4bb57f96f35e3cb57c58081f7

  • SSDEEP

    768:z6LsoEEeegiZPvEhHSG+gzum/kLyMro2GtOOtEvwDpj/YY1J+OTOk/4v:z6QFElP6n+gKmddpMOtEvwDpj31ik/2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-25_a92526487c59ce4fc6393ef704be0397_cryptolocker.exe (PID 1596)
    "C:\Users\Admin\AppData\Local\Temp\2024-09-25_a92526487c59ce4fc6393ef704be0397_cryptolocker.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Users\Admin\AppData\Local\Temp\asih.exe (PID 2016)
      "C:\Users\Admin\AppData\Local\Temp\asih.exe"
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery

Network

        Downloads

  • \Users\Admin\AppData\Local\Temp\asih.exe
    Filesize: 54KB
    MD5: 18c742d64c6a4123d8fb7a3356f14ce0
    SHA1: a940b5ebddf9cb38aa3d5cb1fca4f2c6bb0f9751
    SHA256: c2ccd0b7f83380fc76885c44da9024c08ab74de72414ab81d6f74e123e5f7520
    SHA512: 8e18c613b75d87d3ba0712957f42ffa200d371f00efe0f7d5dda61e0795861e96830a81cebe4977af1ca0ba8662d1c8a19b9ecdb3bfad7acb2f8db7b2a0c8f70

  • memory/1596-2-0x0000000000280000-0x0000000000286000-memory.dmp
    Filesize: 24KB

  • memory/1596-1-0x0000000000240000-0x0000000000246000-memory.dmp
    Filesize: 24KB

  • memory/1596-0-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB

  • memory/1596-9-0x0000000000240000-0x0000000000246000-memory.dmp
    Filesize: 24KB

  • memory/1596-14-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB

  • memory/2016-16-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB

  • memory/2016-25-0x0000000000330000-0x0000000000336000-memory.dmp
    Filesize: 24KB

  • memory/2016-18-0x0000000000370000-0x0000000000376000-memory.dmp
    Filesize: 24KB

  • memory/2016-26-0x0000000000500000-0x0000000000510000-memory.dmp
    Filesize: 64KB
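
    Each memory entry above is named memory/<pid>-<n>-<start>-<end>-memory.dmp, where <n> is the sandbox's sequence number for the dump and the listed Filesize is simply the size of the address range (0x286000 - 0x280000 = 0x6000 = 24KB). A consistency check worth running before working with the dumps is to parse those names, confirm the sizes, and see which ranges recur: here 0x500000-0x510000 is dumped from both PID 1596 and PID 2016. The Python script below is an added example, not part of this report or of the sandbox's tooling; the list of dump names it parses is copied from the entries above, and the recurrence it finds is consistent with, but on its own not proof of, the parent writing into the child (the report flags WriteProcessMemory on PID 1596 only), so confirm by comparing the dump contents.

```python
import re
from collections import defaultdict

# Dump entries are named memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp;
# <index> is the sandbox's sequence number for the dump, not an offset.
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# The dump names listed under Downloads in this report (copied from the report, not invented).
REPORT_DUMPS = [
    "memory/1596-2-0x0000000000280000-0x0000000000286000-memory.dmp",
    "memory/1596-1-0x0000000000240000-0x0000000000246000-memory.dmp",
    "memory/1596-0-0x0000000000500000-0x0000000000510000-memory.dmp",
    "memory/1596-9-0x0000000000240000-0x0000000000246000-memory.dmp",
    "memory/1596-14-0x0000000000500000-0x0000000000510000-memory.dmp",
    "memory/2016-16-0x0000000000500000-0x0000000000510000-memory.dmp",
    "memory/2016-25-0x0000000000330000-0x0000000000336000-memory.dmp",
    "memory/2016-18-0x0000000000370000-0x0000000000376000-memory.dmp",
    "memory/2016-26-0x0000000000500000-0x0000000000510000-memory.dmp",
]


def parse_dump_name(name: str) -> dict:
    """Split a dump filename into pid, sequence index, start/end address and byte size."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def size_label(nbytes: int) -> str:
    """Render a byte count the way the report does (whole KB)."""
    return f"{nbytes // 1024}KB"


def regions_by_pid(names) -> dict:
    """pid -> sorted list of the distinct (start, end) ranges dumped from that process."""
    out = defaultdict(set)
    for n in names:
        d = parse_dump_name(n)
        out[d["pid"]].add((d["start"], d["end"]))
    return {pid: sorted(ranges) for pid, ranges in out.items()}


def shared_ranges(names) -> dict:
    """(start, end) -> sorted pids, for ranges that were dumped from more than one process."""
    owners = defaultdict(set)
    for n in names:
        d = parse_dump_name(n)
        owners[(d["start"], d["end"])].add(d["pid"])
    return {rng: sorted(pids) for rng, pids in owners.items() if len(pids) > 1}


if __name__ == "__main__":
    for n in REPORT_DUMPS:
        d = parse_dump_name(n)
        print(f"pid {d['pid']:>5} seq {d['idx']:>3} "
              f"{d['start']:#012x}-{d['end']:#012x} {size_label(d['size'])}")
    for (s, e), pids in shared_ranges(REPORT_DUMPS).items():
        print(f"range {s:#x}-{e:#x} dumped from pids {pids}")
```

    The same range appearing under both PIDs at the same index pattern (dumped twice from each process, early and late in the run) is the kind of detail to take into a debugger or a diff of the two dump files; the name parsing only tells you where to look.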